I am troubleshooting an issue where MSMQ messages are stuck in an outbound queue (queue saying Waiting to Connect). In order to troubleshoot I am running Wireshark to see exactly what is being pushed over the network interface.
I have run a Wireshark trace and what I see seems to be a full SSLv3 handshake (generated from local MSMQ trying to connect to the server):
Client->Server – Client Hello
Server->Client – Server Hello
Client->Server – Client Key Exchange, Change Cipher Spec
Server->Client – Change Cipher Spec, Encrypted Handshake
After these messages I was expecting to see a POST message with the client trying to push a message to the server, and some sort of response from the server, but there is nothing. All I see between the client and server after the last Change Cipher Spec is a set of [ACK] and [SYN] messages before the next SSLv3 handshake. The specific messages are:
Client->Server – TCP – [FIN, ACK]
Server->Client – TCP – [ACK]
Server->Client – TCP – [FIN, ACK]
Client->Server – TCP – [ACK]
Client->Server – TCP – [SYN]
Server->Client – TCP – [SYN]
Client->Server – TCP – [ACK]
Then the handshake is repeated.
Should I not expect to see a POST message after the handshake? I know that MSMQ does an HTTP POST of the MSMQ messages when sent over HTTP so I was expecting this to show up as application data after the handshake.
Do I need to somehow configure Wireshark to see these since it is over HTTPS?
Thanks
It’s not clear from your question whether you’ve followed the documentation to decipher SSL using Wireshark (otherwise, you’ll see the packets, but won’t be able to look into their content). Note that to achieve this, you need the server’s private key to be available to Wireshark; otherwise anyone could decipher the SSL/TLS connection (and protecting against that is exactly the point of using SSL/TLS).
In addition, you may need to force your tools to use cipher suites that are considered less robust nowadays. Modern browsers, for example, tend to use Ephemeral Diffie-Hellman (DHE) cipher suites (unless explicitly configured not to). Wireshark won’t be able to decipher an SSL connection that uses such a cipher suite.
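As an added illustration (not code from the question or the answer): a small Python parser that walks a byte stream of TLS/SSLv3 records, pulls the negotiated cipher suite out of the ServerHello, reports whether its key exchange is plain RSA (the only case in which Wireshark can decrypt the session from the server's private key; the (EC)DHE suites the answer mentions cannot be decrypted that way), and counts Application Data records, so a session that goes straight from the final Change Cipher Spec to a close, as in the trace in the question, is flagged as carrying no HTTP POST at all. The record stream is constructed inline to mirror the flights listed in the question and is not a real capture; the cipher suite table holds a handful of IANA values, and the helper names are this example's own.

```python
import struct

# TLS record content types (RFC 5246, section 6.2.1); SSLv3 uses the same values.
CHANGE_CIPHER_SPEC = 20
HANDSHAKE = 22
APPLICATION_DATA = 23
HS_CLIENT_HELLO, HS_SERVER_HELLO, HS_CLIENT_KEY_EXCHANGE = 1, 2, 16

# A few IANA cipher suite values with their key-exchange method. Wireshark can only
# decrypt from the server's private key when the key exchange is plain RSA; (EC)DHE
# suites derive the session key from ephemeral values that never touch that key.
CIPHER_SUITES = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC014: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE"),
}


def parse_records(data):
    """Split a reassembled TLS byte stream into (content_type, version, payload) records."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, version, length = struct.unpack("!BHH", data[offset:offset + 5])
        payload = data[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record body")
        records.append((ctype, version, payload))
        offset += 5 + length
    return records


def server_hello_cipher_suite(payload):
    """Return the cipher suite chosen in a ServerHello inside a plaintext handshake record."""
    offset = 0
    while offset + 4 <= len(payload):
        hs_type = payload[offset]
        hs_len = int.from_bytes(payload[offset + 1:offset + 4], "big")
        body = payload[offset + 4:offset + 4 + hs_len]
        if hs_type == HS_SERVER_HELLO:
            # version(2) + random(32) + session_id_len(1) + session_id + cipher_suite(2)
            sid_len = body[34]
            return struct.unpack("!H", body[35 + sid_len:37 + sid_len])[0]
        offset += 4 + hs_len
    return None


def analyse_session(data):
    """Summarise one session: negotiated suite, decryptability, and application data seen."""
    suite, app_data, ccs_seen = None, 0, False
    for ctype, _version, payload in parse_records(data):
        if ctype == HANDSHAKE and not ccs_seen:
            found = server_hello_cipher_suite(payload)
            suite = found if found is not None else suite
        elif ctype == CHANGE_CIPHER_SPEC:
            ccs_seen = True  # later handshake records (Finished) are encrypted; stop parsing them
        elif ctype == APPLICATION_DATA:
            app_data += 1
    name, kx = CIPHER_SUITES.get(suite, ("unknown", "unknown"))
    return {
        "cipher_suite": name,
        "key_exchange": kx,
        "decryptable_with_server_key": kx == "RSA",
        "application_data_records": app_data,
        "closed_without_application_data": app_data == 0,
    }


# --- constructed sample records (not a real capture) ---------------------------
def _record(ctype, payload, version=0x0300):  # 0x0300 = SSL 3.0, as in the question
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


def _handshake(hs_type, body):
    return bytes([hs_type]) + len(body).to_bytes(3, "big") + body


def _server_hello(cipher_suite):
    body = struct.pack("!H", 0x0300) + bytes(32) + b"\x00" + struct.pack("!H", cipher_suite) + b"\x00"
    return _handshake(HS_SERVER_HELLO, body)


def sample_session(cipher_suite, with_application_data):
    """Handshake flights as listed in the question, optionally followed by application data."""
    stream = (
        _record(HANDSHAKE, _handshake(HS_CLIENT_HELLO, bytes(40)))          # Client Hello
        + _record(HANDSHAKE, _server_hello(cipher_suite))                     # Server Hello
        + _record(HANDSHAKE, _handshake(HS_CLIENT_KEY_EXCHANGE, bytes(64)))  # Client Key Exchange
        + _record(CHANGE_CIPHER_SPEC, b"\x01")                                # client Change Cipher Spec
        + _record(HANDSHAKE, bytes(40))                                       # encrypted Finished
        + _record(CHANGE_CIPHER_SPEC, b"\x01")                                # server Change Cipher Spec
        + _record(HANDSHAKE, bytes(40))                                       # encrypted Finished
    )
    if with_application_data:
        stream += _record(APPLICATION_DATA, bytes(120))  # where the HTTP POST would travel
    return stream


if __name__ == "__main__":
    print(analyse_session(sample_session(0x002F, False)))  # RSA suite, handshake only
    print(analyse_session(sample_session(0xC013, True)))   # ECDHE suite, with application data
```

Run against a real capture, the byte stream would come from Wireshark's "Follow TCP Stream" export of one direction; the point of the summary is that a negotiated RSA suite tells you the server key will let Wireshark decrypt the records, while a zero count of Application Data records tells you the client closed the connection before ever sending the POST, so there was nothing to decrypt in the first place.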