Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Anyone decoding SSL with Sniffer or Wireshark??

Anyone decoding SSL with Sniffer or Wireshark??

Anyone decoding SSL with Sniffer or Wireshark??


I'm interested in peoples experiences with respect to SSL decode using Sniffer products or Wireshark (or anything else you might be using).

We have Infinistream Sniffer's where I work. Decoding SSL is done through the use of *unsupported* software they offer on their web site called "Tools". I've never been able to get that to work properly.

Using Wireshark requires that you store an unencrypted copy of the RSA key on your PC and point to it. I've had some success with that. Decoding my own transactions shows some frames being decoded, while others remain encrypted??

In addition, it looks like Wireshark broke (or maybe they decided it was better this way??) part of their decode in the List/Info section after version 0.99.5. In that version, decoded SSL was listed as HTTP in the top pane (List area)...and the GETs, POSTs, etc. were clearly shown in that area. If you're looking for a 503 error or a specific GET, it was easy to scroll through looking for it. In recent versions you have to highlight the frame and select the "decrypted SSL data" tab to see it....or...you have to select the appropriate frame and use the "follow SSL stream" feature.

I'm just beginning to learn a bit more about SSL, but from what I can see so far...it can be a pain to troubleshoot.

I'm interested in knowing if anyone else has had success and what they were using. Thanks in advance for any comments - Dane

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close