Secure Socket Tunnel Protocol (SSTP)

SSTP encapsulates transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection. The protocol currently supports only the Point-to-Point Protocol (PPP) link layer. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking.

History

Since then, there have been no changes to the SSTP message syntax.

Protocol dependencies

Since SSTP uses HTTP over SSL to encapsulate L2 frames, TCP is used as Transport Protocol. The well known port for HTTP over SSL is 443.

Example traffic

sstp_sample_traffic.png

Preference Settings

There are no preferences for SSTP.

Example capture file

To use the sample captures file, you must use the pfx file to decrypt the ssl traffic.

ssl.png

Both the pfx file and the sample capture are in the archive below.

Display Filter

Capture Filter

You cannot directly filter SSTP protocols while capturing. However, you can filter on TCP port 443. Since this will also capture regular https traffic, it's not recommended.

SSTP dissector availability

The SSTP dissector was merged into Wireshark in February of 2015. Thus it is available in versions 1.99.3 and later.

Discussion

SSTP (last edited 2015-02-19 13:39:34 by JeffMorriss)