Packet capture tools are oscilloscopes to network programmers, I couldn't get
anything done without near continual use of
wireshark. In a
pinch tcpdump can be used instead of writing server code.
Wireshark has support for a load of protocols and can really help with debugging. Recently I added dtls support to NEAT. DTLS is a protocol enhancement to TLS to support datagram traffic, when it is working all of the traffic is basically random noise.
I had trouble gettting server certs to work correctly with DTLS, thankfully Wireshark can reassemble the datagrams into a coherent certificate and export the data out to a file. I can use this to manually check the cert is being sent correctly.
The process is something like this:
1. Import pcap 2. Find the full reassembled server hello 3. Expand the DTLS body 4. Expand the DTLS Record, Certificate (Reassembled) 5. Right click on 'Handshake Protocol: Certificate(Reassembled)' 6. Select Export Packet Bytes
After than I had a TLS Cert in DER format, DER is just he raw cert bytes.
With this I could then verify using
openssl that the cert chain was valid.
Reading: Abaddon's Gate