Wireshark mailing list archives

Re: Spotting HTTPS handshake problem with Wireshark


From: Martin Visser <martinvisser99 () gmail com>
Date: Tue, 6 Oct 2009 21:01:20 +1100

Your capture by itself probably won't help you. As you are probably aware, an
HTTP 403 response indicates your server is forbidden to respond to you.
(Note this is different from 401, which indicates an authorization or
authentication issue.) So assuming that you are authenticated, the error is
a result of permissions, so you are possibly better off looking at
these things in the server-side logs.

But if you do want to see the actual requests you will need to obtain the
server's private key and use it on your capture as per
http://wiki.wireshark.org/SSL

Regards, Martin

MartinVisser99 () gmail com


2009/10/6 Mariano Eloy Fernández <mefernandez () csd com es>

Hi,

I am new to Wireshark and I'm trying to analyze the following set up.
There's a problem in a HTTPS communication. The client is authenticating
with a valid certificate. The server is giving us a 403 error code.
The server admin has sent me a .cap file captured with Wireshark.
How can I filter all this traffic data to spot the error? There's just too
much data in there.

I am used to going through SSL log files generated with Java when
javax.net.debug is on.
I usually search for something like "Bad certificate" or "Unknown
Certificate" or "No chain".
How can I transform this .cap data into something I can read and understand
with Wireshark?

Thanks in advance,

Mariano.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
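
Added example, not part of either message in this thread: the handshake-level counterpart of grepping a javax.net.debug log for "Bad certificate" is looking for unencrypted TLS alert records, which can be read without the server's private key. The Python sketch below walks the records of one direction of a reassembled stream and names handshake messages and alerts; it assumes TLS 1.2 or earlier with unfragmented handshake messages, and the sample bytes and helper names (`walk_records`, `rec`, `hs`) are constructed for illustration.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request",
             14: "server_hello_done", 15: "certificate_verify",
             16: "client_key_exchange", 20: "finished"}
ALERT = {0: "close_notify", 40: "handshake_failure", 42: "bad_certificate",
         43: "unsupported_certificate", 44: "certificate_revoked",
         45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
         49: "access_denied", 51: "decrypt_error", 70: "protocol_version"}
LEVEL = {1: "warning", 2: "fatal"}

def walk_records(stream):
    """Summarise each TLS record in one direction of a reassembled TCP stream."""
    out, off, encrypted = [], 0, False
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        body = stream[off + 5:off + 5 + length]
        if ctype not in CONTENT or len(body) < length:
            out.append("truncated or non-TLS data at offset %d" % off)
            break
        if encrypted:
            # After ChangeCipherSpec the sender's records need the key to read.
            out.append("%s (encrypted, %d bytes)" % (CONTENT[ctype], length))
        elif ctype == 20:
            encrypted = True
            out.append("change_cipher_spec")
        elif ctype == 21 and length == 2:
            out.append("alert %s %s" % (LEVEL.get(body[0], body[0]),
                                        ALERT.get(body[1], "code %d" % body[1])))
        elif ctype == 22:
            pos = 0  # assumption: handshake messages are not split across records
            while pos + 4 <= len(body):
                out.append("handshake " + HANDSHAKE.get(body[pos], "type %d" % body[pos]))
                pos += 4 + int.from_bytes(body[pos + 1:pos + 4], "big")
        else:
            out.append(CONTENT[ctype])
        off += 5 + length
    return out

def rec(ctype, body):  # constructed-sample helper: one TLS 1.0 record
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body

def hs(mtype, body=b""):  # constructed-sample helper: one handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed server-to-client bytes, not taken from the capture in this thread.
SAMPLE = rec(22, hs(2, b"\x00" * 4) + hs(13) + hs(14)) + rec(21, bytes([2, 48]))

if __name__ == "__main__":
    print("\n".join(walk_records(SAMPLE)))
```

A 403 returned after a completed handshake travels as encrypted application data, so this kind of scan only reports it as an opaque record; reading it still requires decryption.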
