In a .NET application, communication between client and service can be implemented using various different bindings,
NetTcpBinding being one of them.
The class defines an attribute named
Security, which, according to this article, defaults to
This further article explains how
NetTcpBindingclass uses TCP for message transport. Security for the transport mode is provided by implementing Transport Layer Security (TLS) over TCP. The TLS implementation is provided by the operating system.
This sounds to me as if, upon connecting with a WCF Service, the client would perform a TLS handshake. However, if I watch the traffic with Wireshark 3.2.3, the traffic is only recognized as “TCP”, with no TLS handshakes in sight. If there is a TLS handshake going on, shouldn’t Wireshark recognize it as such? Why does it only see generic “TCP Data”?