Viewing HTTPS Traffic with Wireshark
2015-08-07 16:20
If we have the server's certificate, we can analyze a web application's HTTPS traffic. This is useful in certain scenarios, such as external audits.
The settings below configure Wireshark or tshark to view HTTPS traffic.
Verifying with Wireshark
![](http://images0.cnblogs.com/blog/124406/201508/071613095344741.jpg)
![](http://images0.cnblogs.com/blog/124406/201508/071613107998255.jpg)
Verifying with tshark
tshark -f "tcp and port 443" -i eth2 -o "ssl.keys_list:192.168.0.155,443,http,/root/tmp/a.crt"
15.852877 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=1 Ack=132 Win=6912 Len=0
15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done
15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished
15.857471 192.168.0.155 -> 192.168.0.55 TLSv1 60 Change Cipher Spec
15.857721 192.168.0.155 -> 192.168.0.55 TLSv1 107 Finished
15.857811 192.168.0.55 -> 192.168.0.155 TCP 60 sia-ctrl-plane > https [ACK] Seq=330 Ack=728 Win=64972 Len=0
15.859990 192.168.0.55 -> 192.168.0.155 SSL 731 [SSL segment of a reassembled PDU]
15.899431 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1007 Win=9344 Len=0
15.902726 192.168.0.55 -> 192.168.0.155 TCP 66 xmcp > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.902774 192.168.0.155 -> 192.168.0.55 TCP 66 https > xmcp [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.902887 192.168.0.55 -> 192.168.0.155 TCP 60 xmcp > https [RST] Seq=1 Win=0 Len=0
15.909868 192.168.0.55 -> 192.168.0.155 TCP 66 4789 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.909912 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4789 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.910026 192.168.0.55 -> 192.168.0.155 TCP 60 4789 > https [RST] Seq=1 Win=0 Len=0
15.921205 192.168.0.55 -> 192.168.0.155 TCP 66 4790 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.921250 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4790 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.921359 192.168.0.55 -> 192.168.0.155 TCP 60 4790 > https [RST] Seq=1 Win=0 Len=0
15.930390 192.168.0.55 -> 192.168.0.155 TCP 66 4791 > https [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1
15.930422 192.168.0.155 -> 192.168.0.55 TCP 66 https > 4791 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1460 SACK_PERM=1 WS=64
15.930532 192.168.0.55 -> 192.168.0.155 TCP 60 4791 > https [RST] Seq=1 Win=0 Len=0
15.991719 192.168.0.55 -> 192.168.0.155 HTTP 107 POST /all/rptsave HTTP/1.1 (application/x-www-form-urlencoded)
309 15.991837 192.168.0.155 -> 192.168.0.55 TCP 54 https > sia-ctrl-plane [ACK] Seq=728 Ack=1060 Win=9344 Len=0
15.995828 192.168.0.155 -> 192.168.0.55 HTTP 251 HTTP/1.1 200 OK (text/html)
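The capture above decrypts because the server's handshake flight is Server Hello, Certificate, Server Hello Done with no Server Key Exchange, i.e. an RSA key exchange, and the file given in `ssl.keys_list` must contain the server's RSA private key. The following is an added example, not part of the original post: it reads tshark summary lines in this layout and reports which handshakes a server key can decrypt. The function name, verdict labels and the 10.0.0.x sample flows are constructed for illustration.

```python
import re

RSA_KX, EPHEMERAL, RESUMED = "rsa-kx", "ephemeral-dh", "resumed"

# Constructed sample in tshark's one-line summary layout. The first two lines
# are from the capture above; the 10.0.0.x flows are made up for contrast.
SAMPLE = """\
15.854385 192.168.0.155 -> 192.168.0.55 TLSv1 722 Server Hello, Certificate, Server Hello Done
15.854813 192.168.0.55 -> 192.168.0.155 TLSv1 252 Client Key Exchange, Change Cipher Spec, Finished
20.100000 10.0.0.8 -> 10.0.0.9 TLSv1.2 1514 Server Hello
20.100400 10.0.0.8 -> 10.0.0.9 TLSv1.2 950 Certificate, Server Key Exchange, Server Hello Done
30.200000 10.0.0.7 -> 10.0.0.9 TLSv1.2 199 Server Hello, Change Cipher Spec, Finished
"""

# [frame no.] time src -> dst protocol length info   (newer tshark prints U+2192)
LINE = re.compile(r"^\s*(?:\d+\s+)?\d+\.\d+\s+(\S+)\s+(?:->|\u2192)\s+(\S+)\s+(\S+)\s+\d+\s+(.*)$")

def classify_handshakes(text):
    """Map (server_ip, client_ip) -> verdict for each server handshake flight."""
    # Assumption: flows are keyed by IP pair, since TLS summary lines show no ports.
    flights, verdicts = {}, {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m or not m.group(3).startswith(("TLS", "SSL")):
            continue
        src, dst, proto, info = m.groups()
        msgs = {part.strip() for part in info.split(",")}
        key = (src, dst)
        if "Server Hello" in msgs:
            flights[key] = set()          # a new server flight starts here
        if key not in flights:
            continue
        seen = flights[key]
        seen |= msgs                      # a flight may span several packets
        if proto == "TLSv1.3" or "Server Key Exchange" in seen:
            verdicts[key] = EPHEMERAL     # private key alone cannot decrypt
        elif "Server Hello Done" in seen:
            verdicts[key] = RSA_KX        # decryptable with the RSA private key
        elif "Change Cipher Spec" in seen and "Certificate" not in seen:
            verdicts[key] = RESUMED       # needs the earlier full handshake
        else:
            continue                      # flight not finished yet
        del flights[key]
    return verdicts

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE).items():
        print(flow, verdict)
```

A flow reported as `ephemeral-dh` needs per-session secrets (a key log file) instead of the server key, and a `resumed` flow decrypts only if the original full handshake is also in the capture.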
For viewing the certificate's information, the asn1view tool works well.