Solved

Finding out if the TLS data was compressed from a wireshark capture

Posted on 2016-10-04
2
93 Views
Last Modified: 2016-10-14
Hi,
Following is a TLS record captured in the wireshark...
Screen-Shot-2016-10-04-at-6.13.56-PM.pngI read in a book that TLS data should not be compressed so wanted to verify if it is getting compressed in my web application.
This is a TLS record of data transfered between my computer and server...
How do i see from the record that the data is compressed or not ?

Also one thing i dont understand in the capture is that the Encrypted application data is different from what is shown in the below tab of wireshark . Why is that ?

Thanks
0
Comment
Question by:Rohit Bajaj
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 11

Assisted Solution

by:loftyworm
loftyworm earned 250 total points
ID: 41828665
Wire shark is complicated, and unless you really know what you are doing, can only give basic idea of what's going on.
How can you tell from the packet capture if the data is being compressed?  I don' think you can, not from a capture.  1) Several problems with this; packets come in fixed sizes, so even if it was the packets SHOULD appear the same size.  This is not perfectly true, but is for this application. 2) there is nothing to compare it to.  You may have a better idea if you collected the entire data stream, and where able to determine the size of all the packets together.  You may consider turning OF TLS, and running a before and after capture, this will tell you better, but again, you have to pay attention to the entire stream.

If the Application is encrypting the data, then that is not the same as TLS encrypting it again for the network trip.  Also, the data may be getting broken into pieces for the packet sizing.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
ID: 41832603
You can't tell with Wireshark if the TLS data stream is being compressed.

Normally when see that TLS data should not be compressed it means that something could  not take the packet that the TLS data is in and compress it.  This would typically be done using a WAN accelerator device, OR, if your web application was directly using TLS  to encrypted the data and then using http (not https) to send the data and your http server was setup to compress http data.

If this is true, then the web server may be compressing the raw data, then invoking TSL which encrypts the compressed raw data.  Which  is O.K. and normal.

My guess is you are not directly encrypting usint TLS that your application is being accessed using HTTPS.
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question