mailrelop.blogg.se

Wireshark display filter for udp packet

An updated version of my Ultimate PCAP is available. It features some more network protocols that I will depict in this blog post. It’s getting more special since the most common protocols were already in there.

Definitely one of the most well-known protocols: FTP. There are three FTP sessions in the trace:

- ip.addr eq 10.82.185.11 and ip.addr eq 5.35.226.136 – one via unencrypted FTP (yes, you can see the password and the whole transferred file!), and one with TLS.
- One IPv6 session from a Windows 7 PC using the file explorer, which uses unencrypted FTP.

You have to use the IP based display filter rather than ftp or ftp-data in order to see the whole TCP handshake and TLS session.

(This will also show an ICMP destination unreachable port unreachable after the very first control packet which is not shown by the “bfd” filter.) In the following screenshot, you can also see an ICMP port unreachable right after the very first control packet. To my mind, this is because the BFD neighborship was not yet established or the router sending the first control message has not yet opened the receiving port.

Cisco IOS configuration used for this setup:

The trace shows the first seconds after router reboot, captured with my ProfiShark.

You can find some OCSP related packets in the Ultimate PCAP, divided into two parts:

- the OCSP requests sent from my server (Raspi that hosts and ip.) to the Let’s Encrypt OCSP server in order to get signed time-stamps, and
- some regular HTTPS connections to my Raspi, which queried the OCSP stapling in conjunction with the normal X.509 certificate.

You will find both types by using the “ocsp” display filter. Note that this does not display the whole TCP/TLS connections, but only the OCSP parts.














