powered by Jive Software

Understanding messages through packets traced by wireshark

Maybe the question is silly but I can’t realize how to decode packets related to OpenFire-Spark traffic captured with wireshark.

This is an example of a packet tagged as Jabber/XML by the tool

\027\003\001\000\021’EhC\233\210&A\2464\250\035\225\361\346\240\264

Any advice ?

Thanks

ny

Maybe you should disable SSL connections in Spark and Openfire to be able to read message packets

Thank a lot! It has helped

Cheers

ny

I have the same question. This is what I see, which is OBVIOUSLY not a SSL encrypted string. Its an encoded or compressed string of some kind.

[truncated] \262\311M-.NLOU\310L\261U\362\362\21374QR(\251,H\265UJ\316H,\001\262\363m\225\2 14\214\222M\f\215\215\214t\323R\023\215uM\222\315-t\223R\r\322\200\3344\203d\203 \024\240@\262\211CIFf^6H\217^NbJA\261^r~\256\222\235MR~J\245]FjN\201

In my admin tool there IS NOT a padlock icon next to the users session and so I know the connection is not SSL. Also, openfire admin is set for “SSL Disabled” in the server properties.

In any case, my friend insists Openfire is making an SSL connection but I disagree. Does anyone understand the encoding of this protocol enough so that I can prove to my friend that this IS NOT ssl encrypted?

Hi,

you may want to disable encryption and compression in the admin interface:

/ssl-settings.jsp
Client Connection Security
[x] Custom
Old SSL method: [x] Not Available
TLS method: [x] Not Available

/compression-settings.jsp
Client Compression Policy
[x] Not Available

LG

Maybe your clients are doing some encryption independently of a server. Because with SSL disabled you should clearly see xml sctructure and text of the messages.