Before you start
Developing a system that involves network communication is extremely common in today’s distributed world. During the development of such a system, a communication problem may arise that is difficult to investigate by instrumenting or debugging your software. At times like this, you can turn to a tool like Wireshark, which captures all the network traffic in your system and lets you read it. This often provides the insight required to resolve your problem. If your system uses SSL to secure communications, then you can capture the network traffic, but it is all encrypted, preventing you, the developer, from gaining any useful information. Fortunately, Wireshark comes with an SSL Dissector that, given the right set of conditions, can decrypt this captured traffic. This tutorial provides a step-by-step guide to setting up those conditions using Tomcat as the server and a Web browser as the client.
By the end of this tutorial you will have an understanding of the various conditions that must be met before the Wireshark SSL Dissector can be used. Furthermore, you will be able to arrange for those conditions to be met in a Tomcat installation.
It is assumed that you have a basic understanding of network communication mechanisms. You don’t need to have experience with Tomcat or Wireshark, although both would be advantageous. In particular, this tutorial does not go into any depth about how to use Wireshark once it has been configured correctly.
Please note: This tutorial is not intended to provide any significant insight into why this set of commands works, nor to give any consideration to the many possible variations on these commands. It is intended to enable you to record and decode network traffic in a development environment. It is important to note that the procedures followed here and some of the cryptographic artifacts generated here are very insecure and should never be applied to a production environment.
This tutorial assumes you are using Windows®. To follow this tutorial you will need to install the following (see Resources for download sites):
- Tomcat 5.5
- A suitable JVM for Tomcat
- Wireshark — Version 1.2.2 was used in the development of this tutorial. The Wireshark build must have been compiled with GnuTLS and Gcrypt support, since the SSL dissector depends on them; the "About" window of Wireshark lists the libraries it was built with.
- Cygwin, including the openssl package — Version 0.9.8i of openssl was used in the development of this tutorial.
- Jetty — Version 6.1.21 was used in the development of this tutorial. Other versions (newer and older) may work, but the location of the required class file within it may have changed.
In addition, you will need a second machine on which you will use a Web browser to access your Tomcat server.
The following key conditions must be met to allow Wireshark to decrypt a secure connection:
- Tomcat must be configured with a server certificate.
- The specific cryptographic cipher suite negotiated between client and server (browser and Tomcat) must be one that Wireshark can decrypt using only the server's private key.
- Wireshark must have access to the private key associated with the server certificate.
This tutorial works through these steps in order; then, with a browser connecting to the Tomcat server, we capture a request and response and examine them in Wireshark.
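The second condition is the one most often overlooked. The Wireshark SSL dissector recovers the session keys from the server's RSA private key, so it only succeeds when the negotiated cipher suite uses static RSA key exchange; suites with ephemeral key exchange (DHE, ECDHE) keep the premaster secret out of reach even for someone holding the server key. The following script is an added example for this tutorial, not code from Tomcat or Wireshark: it parses a TLS ServerHello record, looks up the selected cipher suite by its registry value, and reports whether the server-key decryption approach applies. All function names (`parse_server_hello`, `assess`, `build_server_hello`, `key_exchange`) are this example's own, and the records it inspects are constructed inline rather than captured.

```python
"""Assess whether a captured TLS ServerHello chose a cipher suite that can be
decrypted by someone holding only the server's RSA private key, which is how
the Wireshark SSL dissector used in this tutorial works.

Added example for this tutorial; it is not Tomcat or Wireshark code. The
ServerHello records it inspects are constructed inline, not captured traffic.
"""
import struct

# Cipher suite identifiers as assigned in the TLS cipher suite registry
# (RFC 2246, RFC 3268 and RFC 4492). A small subset is enough for the demo.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}

HANDSHAKE_RECORD = 0x16
SERVER_HELLO = 0x02


def key_exchange(suite_name):
    """Return the key-exchange part of an IANA suite name: 'RSA', 'DHE' or 'ECDHE'."""
    kx_and_auth = suite_name.split("_WITH_")[0]   # e.g. "TLS_ECDHE_RSA"
    return kx_and_auth.split("_")[1]              # first token after "TLS"


def parse_server_hello(record):
    """Parse one TLS record carrying a ServerHello and return its fields.

    Layout: type(1) version(2) length(2) | handshake type(1) length(3) |
    version(2) random(32) session_id_len(1) session_id cipher_suite(2) compression(1)
    """
    if len(record) < 5 or record[0] != HANDSHAKE_RECORD:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    payload = record[5:5 + rec_len]
    if len(payload) != rec_len or len(payload) < 4:
        raise ValueError("truncated TLS record")
    if payload[0] != SERVER_HELLO:
        raise ValueError("handshake message is not a ServerHello")
    hs_len = int.from_bytes(payload[1:4], "big")
    body = payload[4:4 + hs_len]
    if len(body) != hs_len or len(body) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = body[34]
    pos = 35 + sid_len
    if len(body) < pos + 3:
        raise ValueError("ServerHello shorter than its session id implies")
    return {
        "record_version": (record[1], record[2]),
        "hello_version": (body[0], body[1]),
        "random": body[2:34],
        "session_id": body[35:pos],
        "cipher_suite": struct.unpack("!H", body[pos:pos + 2])[0],
        "compression": body[pos + 2],
    }


def assess(record):
    """Parse a ServerHello and decide whether the server's RSA key alone decrypts it."""
    info = parse_server_hello(record)
    suite = info["cipher_suite"]
    name = SUITES.get(suite)
    if name is None:
        info["suite_name"] = "unknown (0x%04x)" % suite
        info["key_exchange"] = "unknown"
        info["decryptable_with_server_key"] = False
        return info
    kx = key_exchange(name)
    info["suite_name"] = name
    info["key_exchange"] = kx
    # Only static RSA key exchange sends the premaster secret encrypted to the
    # server's public key; DHE/ECDHE derive it from ephemeral values instead.
    info["decryptable_with_server_key"] = (kx == "RSA")
    return info


def build_server_hello(cipher_suite, version=(3, 1), session_id=b""):
    """Build a minimal ServerHello record (constructed sample data, not a capture)."""
    body = (bytes(version) + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", cipher_suite) + b"\x00")
    handshake = bytes([SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return (bytes([HANDSHAKE_RECORD]) + bytes(version)
            + struct.pack("!H", len(handshake)) + handshake)


if __name__ == "__main__":
    for suite in (0x002F, 0x0033, 0xC013):
        result = assess(build_server_hello(suite))
        print("%-36s key exchange=%-6s decryptable with server key=%s"
              % (result["suite_name"], result["key_exchange"],
                 result["decryptable_with_server_key"]))
```

Running the script prints one line per constructed ServerHello: the `TLS_RSA_*` suite is decryptable with the server key, the DHE and ECDHE suites are not. The same logic explains why the tutorial has to steer Tomcat towards an RSA key-exchange suite in a development environment, and why forward-secret suites are the right choice where captures must stay unreadable.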
Throughout this tutorial you will be asked to define three separate passwords. Each password is carefully named and referred to in the tutorial, but to make life easier, you might like to consider using the same password in all three places.