How to read ocsp package content in wireshark

2

I have deployed basic ocsp server from OpenSSl Cookbook by Ivan Ristic page 44 with following command:

openssl ocsp -port 9080 -index db/index -rsigner root-ocsp.crt -rkey private/root-ocsp.key -CA root-ca.crt -text

And I want to investigate ocsp request content to my server in Wireshark:

 openssl ocsp -issuer root-ca.crt -CAfile root-ca.crt -cert root-ocsp.crt -url http://127.0.0.1:9080

with filter port 9080 applied to loopback (device?) I get necessary tcp packages:

image

How to show their content in oscp format?

P.S. I cannot apply oscp filter, wireshark mark it with red.

srghma

Posted 2017-03-19T10:31:02.603

Reputation: 141

1Since this is a HTTP request which includes the OCSP request you have to use HTTP as the protocol to show the details. IMHO Wireshark then displays the OCSP request and response in the body of the request/response as long as they have the correct Content-Type set. – Steffen Ullrich – 2017-03-19T11:22:18.563

I have recorded transaction on image, when I write http to Apply a display filter... no packages is displayed, how I must set HTTP as the protocol to show the details? As you can see, content-type is present

– srghma – 2017-03-19T11:49:14.147

1A display filter filters only, i.e. does not change how data are displayed but only which data are displayed. You have to change how the data are decoded instead. How this is done depends on the version of Wireshark. But for example Analyze | Decode As in current version. – Steffen Ullrich – 2017-03-19T12:29:52.427

Thanks, your answers had pushed me on right solution. It was very important for me – srghma – 2017-03-19T12:48:26.120

Answers

2

In order to activate OCSP decoding, I had to activate HTTP decoding

Edit -> Preferences -> Protocols -> HTTP -> TCP Ports: add 9080

srghma

Posted 2017-03-19T10:31:02.603

Reputation: 141

Asked: 2017-03-19T10:31:02.603

Viewed: 3 037 times

Active: 2018-04-27T13:58:14.213