SSTP encapsulates transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection. The protocol currently supports only the Point-to-Point Protocol (PPP) link layer. SSL provides transport-level security with key-negotiation, encryption and traffic integrity checking.
- 04/03/2007 - Initial Availability
Since then, there have been no changes to the SSTP message syntax.
There are no preferences for SSTP.
To use the sample captures file, you must use the pfx file to decrypt the ssl traffic.
Both the pfx file and the sample capture are in the archive below.
Show only the SSTP based traffic:
Show only the SSTP messages with a certain major version
Show only the SSTP messages with a certain minor version
Show only SSTP control messages
Show only SSTP messages with a certain length
Show only SSTP messages with a certain message type
Show only the SSTP messages with a certain encapsulated protocol
You cannot directly filter SSTP protocols while capturing. However, you can filter on TCP port 443. Since this will also capture regular https traffic, it's not recommended.
Capture SSTP traffic over the default port (443):
tcp port 443
The SSTP dissector was merged into Wireshark in February of 2015. Thus it is available in versions 1.99.3 and later.
- MS-SSTP Secure Socket Tunneling Protocol (SSTP) - MSDN Documentation of SSTP.
Imported from https://wiki.wireshark.org/SSTP on 2020-08-11 23:25:54 UTC