If your firewall only allows https, all applications will move to https
Many entreprise networks restrict the applications that users can use by blocking some TCP and UDP ports at the entreprise firewalls. This happens as well in campus networks. To cope with these restrictions, some applications, notably those running on smartphones, have moved to the well known and usually open HTTP or HTTPS ports. Over the years, firewalls have evolved. instad of simply looking at port numbers, most of today’s firewalls inspect the packets exchanged over a connection to ensure that HTTP is used on port 80 and TLS on port 443. If this is not the case, the connection is considered to be suspicious and blocked.
A recent post by Luca Deri reminds us that to cope with these firewalls, some applications now start as a standard protocol and later switch to a proprietary application-layer protocol at the middle of the connection. If you really want to analyse the data sent by one of these applications, make sure that you collect all the packets exchanged over the connection and not only the first ones…
This blog post was written to inform the readers of Computer Networking: Principles, Protocols and Practice about the evolution of the field. You can subscribe to the Atom feed for this blog. These notes are also posted on the ebook’s Facebook page