Carbon Black Cloud: What do you look for with WireShark for TLS issues?

Environment

    • Carbon Black Cloud Sensor: All Versions
    • WireShark

Objective

What do you look for with WireShark for TLS issues?

Resolution

  1. Open your PCAP.
  2. Locate the communication between the client and CBC. Use the Configuration Guide link from the firewall port KB below to help determine the CBC sites.
  3. Use 'Follow Stream' in the Conversations dialog (menu path: Analyze > Follow > TCP Stream) to display that conversation. Dismiss the 'raw data' display that pops up; it is not needed for this check.
  4. Highlight the 'Client Hello' packet in the top pane of the display; the list of cipher suites offered by the client can then be expanded.
  5. Compare the results to the KB "Carbon Black Cloud: What SSL cipher suites are supported/accepted for communications?"
  6. If no cipher suite matches, the communication cannot happen. Add a supported cipher suite and test again.
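
The comparison in steps 4 to 6 can also be scripted. The following is an added example, not Carbon Black code: it parses one raw TLS ClientHello record and reports which offered suites fall inside an accepted set. `ACCEPTED_BY_SERVER` is a constructed placeholder (substitute the IDs from the cipher suite KB), and the function names and sample records are hypothetical.

```python
import struct

# Constructed placeholder set: replace with the suite IDs from the
# "What SSL cipher suites are supported/accepted" KB (not reproduced here).
ACCEPTED_BY_SERVER = {0xC02F, 0xC030}  # ECDHE-RSA AES-128/256 GCM

def client_hello_suites(record: bytes) -> list:
    """Return the cipher suite IDs offered in one raw TLS ClientHello record."""
    try:
        if record[0] != 0x16:                        # 0x16 = handshake record
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack_from("!H", record, 3)
        body = record[5:5 + rec_len]
        if len(body) != rec_len or body[0] != 0x01:  # 0x01 = ClientHello
            raise ValueError("truncated record or not a ClientHello")
        pos = 4 + 2 + 32                             # hs header, version, random
        pos += 1 + body[pos]                         # session_id length + value
        (n,) = struct.unpack_from("!H", body, pos)
        raw = body[pos + 2:pos + 2 + n]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != n or n % 2:
        raise ValueError("malformed cipher_suites vector")
    return [v for (v,) in struct.iter_unpack("!H", raw)]

def is_signalling(v: int) -> bool:
    """GREASE values (RFC 8701) and the renegotiation SCSV are not ciphers."""
    return v == 0x00FF or ((v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF))

def common_suites(record: bytes, accepted=ACCEPTED_BY_SERVER) -> list:
    """Suites the client offers that the server side also accepts."""
    return [v for v in client_hello_suites(record)
            if not is_signalling(v) and v in accepted]

def build_sample(suites) -> bytes:
    """Constructed input: a minimal TLS 1.2 ClientHello with no extensions."""
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"       # version, random, no session
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")  # null compression
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    legacy = build_sample([0x0A0A, 0x002F, 0x000A, 0x00FF])  # CBC/3DES only
    modern = build_sample([0xC030, 0xC02F, 0x002F])
    for name, rec in (("legacy", legacy), ("modern", modern)):
        shared = common_suites(rec)
        print(name, [hex(v) for v in shared] or "no shared suite")
```

An empty result corresponds to step 6: the client offers nothing the other side accepts, so the handshake cannot complete. The parser expects the whole ClientHello in a single TLS record.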

Related Content

Carbon Black Cloud: What SSL cipher suites are supported/accepted for communications?
Carbon Black Cloud: What Ports must be opened on the Firewall and Proxy Servers?
IIS Crypto is a free tool that gives administrators the ability to enable or disable protocols, ciphers, hashes and key exchange algorithms on Windows.

Article Information
Creation Date: 12-20-2022