> I have been trying that. It shows handshake for TLSv1 for some sites and
> not for others.
>
> I might be using it wrong, but I am also not sure if it supports analyzing
> HTTPS by default.
>
> Have you tried it?

If Wireshark doesn't work, try Microsoft Network Monitor (NetMon).
Wireshark is written using OpenSSL. NetMon is written using Microsoft's
CryptoAPI, and doesn't use OpenSSL. In case that makes a difference in
your SSL packet analysis.

It is not open source. It is freeware, supplied by the platform vendor.
Actually, part of it is open source, some of the MS filters are on
CodePlex.com.

NetMon has 2 advantages over Wireshark:

1) Written by platform vendor with their understanding of the protocol
   they implemented, so useful for some nuances of Windows-centric
   protocols (esp. MS Office-related). [1]
2) Most (all?) open source alternatives rely on WinPCap, which hasn't
   been maintained in years [2], unlike Unix LibPcap, or the Microsoft
   NetMon driver. So modern sniffing on Windows can have problems with
   Wireshark and other WinPCap-dependent software.

[1] http://social.technet.microsoft.com/Forums/en/netmon/thread/86c8614c-d0f1-42d0-814c-e85529964861
[2] http://www.winpcap.org/pipermail/winpcap-users/2012-December/004690.html

MSDN tries hard to show you outdated NetMon 2.x info, pay attention only
to 3.x pages.

http://www.microsoft.com/en-us/download/details.aspx?id=4865
http://nmexperts.codeplex.com/
http://nmparsers.codeplex.com/

Also, depending on your SSL usage, try Microsoft Fiddler (Fiddler2). It
is their developer tool for analysing web app dev, including -- I
believe -- HTTPS traffic. Useful in the same case as #1 above.

http://www.fiddler2.com/

Just for grins, try using Wireshark on Linux, using LibPcap, instead of
WinPcap, to see if that impacts your results.

HTH.

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org