• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 115
  • Last Modified:

Finding out if the TLS data was compressed from a wireshark capture

Following is a TLS record captured in the wireshark...
Screen-Shot-2016-10-04-at-6.13.56-PM.pngI read in a book that TLS data should not be compressed so wanted to verify if it is getting compressed in my web application.
This is a TLS record of data transfered between my computer and server...
How do i see from the record that the data is compressed or not ?

Also one thing i dont understand in the capture is that the Encrypted application data is different from what is shown in the below tab of wireshark . Why is that ?

Rohit Bajaj
Rohit Bajaj
2 Solutions
Wire shark is complicated, and unless you really know what you are doing, can only give basic idea of what's going on.
How can you tell from the packet capture if the data is being compressed?  I don' think you can, not from a capture.  1) Several problems with this; packets come in fixed sizes, so even if it was the packets SHOULD appear the same size.  This is not perfectly true, but is for this application. 2) there is nothing to compare it to.  You may have a better idea if you collected the entire data stream, and where able to determine the size of all the packets together.  You may consider turning OF TLS, and running a before and after capture, this will tell you better, but again, you have to pay attention to the entire stream.

If the Application is encrypting the data, then that is not the same as TLS encrypting it again for the network trip.  Also, the data may be getting broken into pieces for the packet sizing.
You can't tell with Wireshark if the TLS data stream is being compressed.

Normally when see that TLS data should not be compressed it means that something could  not take the packet that the TLS data is in and compress it.  This would typically be done using a WAN accelerator device, OR, if your web application was directly using TLS  to encrypted the data and then using http (not https) to send the data and your http server was setup to compress http data.

If this is true, then the web server may be compressing the raw data, then invoking TSL which encrypts the compressed raw data.  Which  is O.K. and normal.

My guess is you are not directly encrypting usint TLS that your application is being accessed using HTTPS.

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now