I’ve a .NET application for Windows. This application transfers a lot of data to and from a particular server on a fixed port, no. 8888. I tried ‘TCPView’ but couldn’t figure out anything useful. I only figured out that it uses a ‘tcp’ connection.

  1. Is there a way to know which protocol is used for data transfer (I think port no. 8888 is not a specific port, so it is not helpful)? How exactly does my machine make the connection to this server? Is it telnet/http etc. or what?

  2. How can I inspect the actual data which is being transferred?

  3. If data is encrypted, is it possible to know the encryption method on the client side (without reverse engineering)?



Wireshark may help to answer questions 1 and 2. You can set Wireshark to filter out anything except TCP port 8888. Then simply select one of the packets, and Wireshark will break it down into the various protocol layers (assuming it recognises the protocols). If you start Wireshark before your application, then you should be able to see any set-up activity generated by the application.

You will also be able to inspect the payload data (again, assuming Wireshark is able to decode the particular protocol which contains the payload).
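When the port number says nothing about the protocol, the first payload bytes of the stream usually do. The sketch below is an added example, not part of the original answer and not how Wireshark itself is implemented: it checks a captured payload for a few well-known openings (TLS, HTTP, SSH, Telnet) and falls back to byte entropy as a hint that the data is encrypted or compressed. The function names, the signature list, the 7.0 bits/byte threshold and all sample payloads are assumptions constructed for illustration.

```python
import math
from collections import Counter

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify_payload(data: bytes, entropy_threshold: float = 7.0) -> str:
    """Guess the application protocol from the first payload bytes of a TCP stream."""
    if len(data) >= 5 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        # TLS record header: content type 22 (handshake), then version 3.x
        return "tls"
    if data.startswith(HTTP_METHODS) or data.startswith(b"HTTP/1."):
        return "http"
    if data.startswith(b"SSH-"):
        return "ssh"
    if len(data) >= 3 and data[0] == 0xFF and 0xFB <= data[1] <= 0xFE:
        # Telnet IAC followed by WILL/WONT/DO/DONT option negotiation
        return "telnet"
    if len(data) >= 256 and shannon_entropy(data) >= entropy_threshold:
        # Near-uniform byte distribution: consistent with encryption or compression
        return "unknown-high-entropy"
    return "unknown"

# Constructed sample payloads (not taken from any real capture)
SAMPLES = {
    "tls_client_hello": bytes.fromhex("1603010200010001fc0303"),
    "http_request": b"GET /status HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "telnet_negotiation": bytes([0xFF, 0xFD, 0x18, 0xFF, 0xFD, 0x20]),
    "custom_plaintext": b"LOGIN user=alice;" * 20,
    "opaque_binary": bytes(range(256)) * 2,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        verdict = classify_payload(payload)
        print(f"{name:20} -> {verdict} ({shannon_entropy(payload):.2f} bits/byte)")
```

High entropy only indicates that the bytes look random; it does not distinguish encryption from compression, and it does not identify the cipher.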

