Is there a way to debug a handshake communication in Wireshark, I just need to check if the operation is correct or not, I have integrated TLS in MCU and want to send a GET request to my server, I can see the operation of handeshark in Wireshark, and the encrypted data sent to the server, but on the server side, I don't see any records added to the mysql database.
please see this image:
*for more info please see my second post is kinda related: stackoverflow
Log:
No. Time Source Destination Protocol Length Info
2637 33.855902 192.168.1.4 45.84.204.10 TLSv1.2 120 Client Hello
Frame 2637: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77), Dst: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66)
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 45.84.204.10
Transmission Control Protocol, Src Port: 63991, Dst Port: 443, Seq: 1, Ack: 1, Len: 66
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 61
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 57
Version: TLS 1.2 (0x0303)
Random: 4e3ea400d95c40913a10c5b8394761c17351f121497bab2c…
GMT Unix Time: Aug 7, 2011 21:41:04.000000000 SE Asia Standard Time
Random Bytes: d95c40913a10c5b8394761c17351f121497bab2cd902d9c3…
Session ID Length: 0
Cipher Suites Length: 6
Cipher Suites (3 suites)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 10
Extension: signature_algorithms (len=6)
Type: signature_algorithms (13)
Length: 6
Signature Hash Algorithms Length: 4
Signature Hash Algorithms (2 algorithms)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Algorithm: SHA224 RSA (0x0301)
No. Time Source Destination Protocol Length Info
2682 34.102896 45.84.204.10 192.168.1.4 TLSv1.2 1078 Server Hello
Frame 2682: 1078 bytes on wire (8624 bits), 1078 bytes captured (8624 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66), Dst: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77)
Internet Protocol Version 4, Src: 45.84.204.10, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 443, Dst Port: 63991, Seq: 1, Ack: 67, Len: 1024
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 81
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.2 (0x0303)
Random: 609e9998b95481a4551fe5cdf796856b14cdc268405d9ad5…
GMT Unix Time: May 14, 2021 22:39:04.000000000 SE Asia Standard Time
Random Bytes: b95481a4551fe5cdf796856b14cdc268405d9ad5444f574e…
Session ID Length: 32
Session ID: 417862426c4f746e79dd6e68aedaff40d27d175f688b1a83…
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Compression Method: null (0)
Extensions Length: 5
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
No. Time Source Destination Protocol Length Info
2872 35.805250 45.84.204.10 192.168.1.4 TLSv1.2 252 Certificate, Server Hello Done
Frame 2872: 252 bytes on wire (2016 bits), 252 bytes captured (2016 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66), Dst: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77)
Internet Protocol Version 4, Src: 45.84.204.10, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 443, Dst Port: 63991, Seq: 5121, Ack: 67, Len: 198
[6 Reassembled TCP Segments (5223 bytes): #2682(938), #2683(1024), #2731(1024), #2732(1024), #2871(1024), #2872(189)]
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 5218
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 5214
Certificates Length: 5211
Certificates (5211 bytes)
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello Done
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 4
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0
No. Time Source Destination Protocol Length Info
3070 39.245136 192.168.1.4 45.84.204.10 TLSv1.2 321 Client Key Exchange
Frame 3070: 321 bytes on wire (2568 bits), 321 bytes captured (2568 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77), Dst: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66)
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 45.84.204.10
Transmission Control Protocol, Src Port: 63991, Dst Port: 443, Seq: 67, Ack: 5319, Len: 267
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Client Key Exchange
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 262
Handshake Protocol: Client Key Exchange
Handshake Type: Client Key Exchange (16)
Length: 258
RSA Encrypted PreMaster Secret
No. Time Source Destination Protocol Length Info
3085 39.493438 192.168.1.4 45.84.204.10 TLSv1.2 60 Change Cipher Spec
Frame 3085: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77), Dst: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66)
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 45.84.204.10
Transmission Control Protocol, Src Port: 63991, Dst Port: 443, Seq: 334, Ack: 5319, Len: 6
Transport Layer Security
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
No. Time Source Destination Protocol Length Info
3090 39.559920 192.168.1.4 45.84.204.10 TLSv1.2 99 Encrypted Handshake Message
Frame 3090: 99 bytes on wire (792 bits), 99 bytes captured (792 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77), Dst: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66)
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 45.84.204.10
Transmission Control Protocol, Src Port: 63991, Dst Port: 443, Seq: 340, Ack: 5319, Len: 45
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
No. Time Source Destination Protocol Length Info
3099 39.842679 45.84.204.10 192.168.1.4 TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
Frame 3099: 105 bytes on wire (840 bits), 105 bytes captured (840 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66), Dst: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77)
Internet Protocol Version 4, Src: 45.84.204.10, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 443, Dst Port: 63991, Seq: 5319, Ack: 385, Len: 51
Transport Layer Security
TLSv1.2 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
Content Type: Change Cipher Spec (20)
Version: TLS 1.2 (0x0303)
Length: 1
Change Cipher Spec Message
TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 40
Handshake Protocol: Encrypted Handshake Message
No. Time Source Destination Protocol Length Info
3122 40.259176 192.168.1.4 45.84.204.10 TLSv1.2 181 Application Data
Frame 3122: 181 bytes on wire (1448 bits), 181 bytes captured (1448 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77), Dst: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66)
Internet Protocol Version 4, Src: 192.168.1.4, Dst: 45.84.204.10
Transmission Control Protocol, Src Port: 63992, Dst Port: 443, Seq: 1, Ack: 1, Len: 127
Transport Layer Security
TLSv1.2 Record Layer: Application Data Protocol: http-over-tls
Content Type: Application Data (23)
Version: TLS 1.2 (0x0303)
Length: 122
Encrypted Application Data: 0000000000000001a3bc5fda47bb853433419dc3a8e63df6…
No. Time Source Destination Protocol Length Info
3147 40.511536 45.84.204.10 192.168.1.4 TLSv1.2 61 Alert (Level: Fatal, Description: Unexpected Message)
Frame 3147: 61 bytes on wire (488 bits), 61 bytes captured (488 bits) on interface \Device\NPF_{0BF443D1-F659-40FD-96FE-C40B5B821ABA}, id 0
Ethernet II, Src: HuaweiTe_7c:8f:66 (64:2c:ac:7c:8f:66), Dst: IntelCor_7b:8a:77 (2c:6e:85:7b:8a:77)
Internet Protocol Version 4, Src: 45.84.204.10, Dst: 192.168.1.4
Transmission Control Protocol, Src Port: 443, Dst Port: 63992, Seq: 1, Ack: 128, Len: 7
Transport Layer Security
TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Unexpected Message)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Unexpected Message (10)
The last line of the output shows "Application data". Application data are only transmitted if the TLS handshake was successful. Thus any problems you have are outside the TLS handshake.