如何使用wireshark和其他工具检查java（客户机服务器）中与SSL套接字的连接

我需要用Java开发一个带有SSL套接字的客户机-服务器桌面应用程序。其中一个要求是加密消息

我正在尝试一些internet示例代码，只是想知道如何进行加密连接。这些示例似乎工作正常，或者至少不会产生错误，但是我必须从Wireshark验证消息是否确实加密，但在Wireshark中我只看到TCP数据包。我认为证书和密钥库是正确的

JavaSSLServer.java

/**
 @web http://java-buddy.blogspot.com/
*/    
public class JavaSSLServer {

static final int port = 8000;

public static void main(String[] args) {

    System.setProperty("javax.net.ssl.keyStore","/home/jose/serverKey.jks");
    System.setProperty("javax.net.ssl.keyStorePassword","servpass"); 
    SSLServerSocketFactory sslServerSocketFactory = 
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try {
        ServerSocket sslServerSocket = 
                sslServerSocketFactory.createServerSocket(port);
        System.out.println("SSL ServerSocket started");
        System.out.println(sslServerSocket.toString());

        Socket socket = sslServerSocket.accept();
        System.out.println("ServerSocket accepted");

        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        try (BufferedReader bufferedReader = 
                new BufferedReader(
                        new InputStreamReader(socket.getInputStream()))) {
            String line;
            while((line = bufferedReader.readLine()) != null){
                System.out.println(line);
                out.println(line);
            }
        }
        System.out.println("Closed");

    } catch (IOException ex) {
        Logger.getLogger(JavaSSLServer.class.getName())
                .log(Level.SEVERE, null, ex);
    }
}}

/**
 @web http://java-buddy.blogspot.com/
*/    
public class JavaSSLClient {

static final int port = 8000;

public static void main(String[] args) {
    System.setProperty("javax.net.ssl.trustStore", "/home/jose/clientTrustedCerts.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "clientpass"); 
    SSLSocketFactory sslSocketFactory = 
            (SSLSocketFactory)SSLSocketFactory.getDefault();
    try {
        Socket socket = sslSocketFactory.createSocket("localhost", port);
        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        try (BufferedReader bufferedReader = 
                new BufferedReader(
                        new InputStreamReader(socket.getInputStream()))) {
            Scanner scanner = new Scanner(System.in);
            while(true){
                System.out.println("Enter something:");
                String inputLine = scanner.nextLine();
                if(inputLine.equals("q")){
                    break;
                }

                out.println(inputLine);
                System.out.println(bufferedReader.readLine());
            }
        }

    } catch (IOException ex) {
        Logger.getLogger(JavaSSLClient.class.getName())
                .log(Level.SEVERE, null, ex);
    }

}

}

JavaSSLClient.java

/**
 @web http://java-buddy.blogspot.com/
*/    
public class JavaSSLServer {

static final int port = 8000;

public static void main(String[] args) {

    System.setProperty("javax.net.ssl.keyStore","/home/jose/serverKey.jks");
    System.setProperty("javax.net.ssl.keyStorePassword","servpass"); 
    SSLServerSocketFactory sslServerSocketFactory = 
            (SSLServerSocketFactory)SSLServerSocketFactory.getDefault();

    try {
        ServerSocket sslServerSocket = 
                sslServerSocketFactory.createServerSocket(port);
        System.out.println("SSL ServerSocket started");
        System.out.println(sslServerSocket.toString());

        Socket socket = sslServerSocket.accept();
        System.out.println("ServerSocket accepted");

        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        try (BufferedReader bufferedReader = 
                new BufferedReader(
                        new InputStreamReader(socket.getInputStream()))) {
            String line;
            while((line = bufferedReader.readLine()) != null){
                System.out.println(line);
                out.println(line);
            }
        }
        System.out.println("Closed");

    } catch (IOException ex) {
        Logger.getLogger(JavaSSLServer.class.getName())
                .log(Level.SEVERE, null, ex);
    }
}}

/**
 @web http://java-buddy.blogspot.com/
*/    
public class JavaSSLClient {

static final int port = 8000;

public static void main(String[] args) {
    System.setProperty("javax.net.ssl.trustStore", "/home/jose/clientTrustedCerts.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "clientpass"); 
    SSLSocketFactory sslSocketFactory = 
            (SSLSocketFactory)SSLSocketFactory.getDefault();
    try {
        Socket socket = sslSocketFactory.createSocket("localhost", port);
        PrintWriter out = new PrintWriter(socket.getOutputStream(), true);
        try (BufferedReader bufferedReader = 
                new BufferedReader(
                        new InputStreamReader(socket.getInputStream()))) {
            Scanner scanner = new Scanner(System.in);
            while(true){
                System.out.println("Enter something:");
                String inputLine = scanner.nextLine();
                if(inputLine.equals("q")){
                    break;
                }

                out.println(inputLine);
                System.out.println(bufferedReader.readLine());
            }
        }

    } catch (IOException ex) {
        Logger.getLogger(JavaSSLClient.class.getName())
                .log(Level.SEVERE, null, ex);
    }

}

}

我添加了System.setProperty（

在Wireshark中：

其他示例：

Wireshark的结果相似

我想与SSL套接字建立连接，对客户端和服务器之间的消息进行加密，并且可以通过Wireshark进行验证（这是另一个要求）

我的问题是：

• 如何验证消息是否使用wireshark进行了加密

• 我是否应该看到SSL/TLS数据包而不是TCP来断定它们是加密的

• 你能告诉我一些示例代码是错误的还是不完整的吗

---

您的客户端和服务器正在交换纯文本消息，因此，如果您在TCP数据包中没有看到纯文本，则消息可能被加密（根据显示的代码，它们应该是加密的）

---

为了验证，您可以过滤连接的两个IP/端口对上的Wireshark捕获，然后将该TCP流解码为

TLS

，并查看是否成功。如果成功，它将显示连接的前几个数据包（在TCP三方握手之后）是未加密的TLS握手（交换证书并协商加密值），随后的数据包是加密的TLS数据包。

发送一条已知消息，看看是否可以在Wireshark中看到它。这是实际的要求。