Product: TIBCO Spotfire®
Problem:
How to use Wireshark to capture TLS communication between the TIBCO Spotfire Server, the Node Manager, and running services on the Node Manager
Solution:
In TIBCO Spotfire v7.5 and newer, all communication between the Spotfire Server, Node Managers and services is encrypted with TLS. To capture and read this traffic with Wireshark, you need to set up the Spotfire Server to log the TLS handshake secrets to a file and set up Wireshark to decrypt the traffic using this log file.
Capturing traffic on the Spotfire Server:
1. Download and install Wireshark from http://www.wireshark.org/download.html
2. Download jSSLKeyLog from https://sourceforge.net/projects/jsslkeylog, then unzip and save the jSSLKeyLog.jar file to a folder on the Spotfire server (e.g. C:\tibco\tss\7.5.0\tomcat\lib).
3. Edit the startup settings for the Spotfire server:
-- If you are running the Spotfire server as a service you need to edit "options" under the following registry key.
"HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\TssXXX\Parameters\Java"
...where XXX will be the version number of the Spotfire server you are running e.g. Tss750
-- Add the following text to the bottom of the "options" value:
-javaagent:C:\tibco\tss\7.5.0\tomcat\lib\jSSLKeyLog.jar=C:\tibco\tss\7.5.0\tomcat\logs\ssl.log
-- If you are starting and stopping the Spotfire server using the startup.bat script, you need to add:
-javaagent:C:\tibco\tss\7.5.0\tomcat\lib\jSSLKeyLog.jar=C:\tibco\tss\7.5.0\tomcat\logs\ssl.log
...to the setenv.bat file.
-- Add the string to the line beginning with "set JAVA_OPTS=" so that it looks something like this:
set JAVA_OPTS=-server -XX:+DisableExplicitGC -Xms512M -Xmx4096M -javaagent:C:\tibco\tss\7.5.0\tomcat\lib\jSSLKeyLog.jar=C:\tibco\tss\7.5.0\tomcat\logs\ssl.log
Make sure to change the path to the JAR file and to the log file to fit your environment.
4. Open Wireshark.
5. Go to "Edit"->"Preferences" (CTRL+SHIFT+P) and expand "Protocols".
6. Find HTTP and add the TLS ports used by the Spotfire server, the node manager and the Web player instances for back end communication. The default ports are 9443 and 9501.
7. Find the SSL settings and click the Browse button to find the "(Pre)-Master-Secret log filename". Browse to the log file specified in step 3.
8. Click OK.
9. Start the capture in Wireshark.
Note: You need to start the capture in Wireshark before starting/re-starting the Spotfire Server. Wireshark needs to capture the initial TLS handshake between the Spotfire Server and the node manager in order to decrypt the TLS traffic.
10. Restart the Spotfire Server.
Capturing traffic on the Node Manager:
1. Download and install Wireshark from http://www.wireshark.org/download.html
2. Download jSSLKeyLog from https://sourceforge.net/projects/jsslkeylog, then unzip and save the jSSLKeyLog.jar file to a folder on the Node Manager server (e.g. C:\tibco\tsnm\7.5.0\nm).
3. Edit the startup settings for the Node Manager.
-- Edit "options" under the following registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\WpNmRemoteXXX\Parameters\Java" .
...where XXX will be the version number of the node manager you are running e.g. WpNmRemote750
-- Add the following text to the bottom of the "options" value:
-javaagent:C:\tibco\tsnm\7.5.0\nm\jSSLKeyLog.jar=C:\tibco\tsnm\7.5.0\nm\logs\ssl.log
Make sure to edit the path to the JAR file and to the log file to fit your environment.
4. Open Wireshark.
5. Go to "Edit"->"Preferences" (CTRL+SHIFT+P) and expand "Protocols".
6. Find HTTP and add the TLS ports used by the Spotfire server, the node manager and the Web player instances for backend communication. The default ports are 9443 and 9501.
7. Find the SSL settings and click the "Browse" button to find the "(Pre)-Master-Secret log filename". Browse to the log file you specified in step 3.
8. Click OK.
9. Start the capture in Wireshark.
Note: You need to start the capture in Wireshark before starting/re-starting the Spotfire Server. Wireshark needs to capture the initial TLS handshake between the Spotfire Server and the node manager in order to decrypt the TLS traffic.
10. Restart the Spotfire Server.
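If Wireshark still shows only encrypted records after the restart, check that the log file from step 3 holds usable entries. The script below is an added example, not part of the original article or of jSSLKeyLog. It assumes ssl.log uses the NSS key log format that Wireshark's "(Pre)-Master-Secret log filename" setting reads; the names check_keylog, line_problem and SAMPLE are made up for this example.

```python
import re
import sys
from collections import Counter

# TLS 1.3 labels: 32-byte client random, secret sized by the cipher suite hash
TLS13 = ("CLIENT_EARLY_TRAFFIC_SECRET CLIENT_HANDSHAKE_TRAFFIC_SECRET "
         "SERVER_HANDSHAKE_TRAFFIC_SECRET CLIENT_TRAFFIC_SECRET_0 "
         "SERVER_TRAFFIC_SECRET_0 EARLY_EXPORTER_SECRET EXPORTER_SECRET").split()
# label -> (hex length of the identifier field, allowed hex lengths of the secret)
RULES = {"RSA": (16, {96}), "CLIENT_RANDOM": (64, {96}),
         **{label: (64, {64, 96}) for label in TLS13}}
HEX_RE = re.compile(r"[0-9a-fA-F]+")

def line_problem(line):
    """Return None for a usable key log entry, else a short reason."""
    parts = line.split()
    if len(parts) != 3:
        return "expected 3 space-separated fields"
    label, ident, secret = parts
    if label not in RULES:
        return "unknown label"
    if not (HEX_RE.fullmatch(ident) and HEX_RE.fullmatch(secret)):
        return "non-hex field"
    if len(ident) != RULES[label][0] or len(secret) not in RULES[label][1]:
        return "wrong field length (truncated write?)"
    return None

def check_keylog(lines):
    """Return (Counter of valid labels, [(line_no, reason)]); never echoes secrets."""
    valid, problems = Counter(), []
    for no, raw in enumerate(lines, 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # blank lines and comments
            continue
        reason = line_problem(line)
        if reason is None:
            valid[line.split()[0]] += 1
        else:
            problems.append((no, reason))
    return valid, problems

SAMPLE = ["# comment line",  # constructed input, not real key material
          "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
          "CLIENT_TRAFFIC_SECRET_0 " + "ab" * 32 + " " + "ef" * 32,
          "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 20,  # truncated secret
          "CLIENT_RANDOM " + "zz" * 32 + " " + "cd" * 48]  # non-hex random

if __name__ == "__main__":  # optional argument: path to the ssl.log from step 3
    print(check_keylog(open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE))
```

The output lists only labels, counts and line numbers, because every valid line in the file is enough to decrypt the matching captured session. An empty result after the restart means the -javaagent option was not picked up or the log path is not writable by the service account.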