Secure Socket Tunnel Protocol (SSTP)
SSTP encapsulates transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection. The protocol currently supports only the Point-to-Point Protocol (PPP) link layer. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking.
- 04/03/2007 - Initial Availability
Since then, there have been no changes to the SSTP message syntax.
There are no preferences for SSTP.
Example capture file
To use the sample captures file, you must use the pfx file to decrypt the ssl traffic.
Both the pfx file and the sample capture are in the archive below.
- Show only the SSTP based traffic:
- Show only the SSTP messages with a certain major version
- Show only the SSTP messages with a certain minor version
- Show only SSTP control messages
- Show only SSTP messages with a certain length
- Show only SSTP messages with a certain message type
- Show only the SSTP messages with a certain encapsulated protocol
You cannot directly filter SSTP protocols while capturing. However, you can filter on TCP port 443. Since this will also capture regular https traffic, it's not recommended.
- Capture SSTP traffic over the default port (443):
tcp port 443
SSTP dissector availability
The SSTP dissector was merged into Wireshark in February of 2015. Thus it is available in versions 1.99.3 and later.
MS-SSTP Secure Socket Tunneling Protocol (SSTP) - MSDN Documentation of SSTP.