Wireshark mailing list archives
Re: tcp.time_delta column with tshark
From: Martin Visser <martinvisser99 () gmail com>
Date: Mon, 31 Jan 2011 12:05:24 +1100
When you connect to a proxy via HTTP and through that that proxy connect to a HTTPS web server, it is still using SSL for the encryption layer. The proxy passes through the SSL of course, as it won't have the private key of the web server. If you are trying to decrypt SSL passing through a HTTP proxy, you will need to apply the private key of the HTTPS web server specify the IP address of the proxy. Regards, Martin MartinVisser99 () gmail com On 31 January 2011 07:49, vincent paul <amoteluro () yahoo com> wrote:
Hi Martin, When client was connected directly to a SSL web server (i.e.server's IP : 1.2.3.4), with the key, I could see the http traffic. When the client went via its proxy (i.e: 5.6.7.8) to the same SSL web server, I couldn't see the packets's content using the same key. I did try to change the source IP in wireshark/tshark set up to the proxy's IP, but couldn't see either. So there should be some kind of encryption or tunnel between client and its proxy, am I wrong? Do you happen to know any document or web site discussing about proxy's operations. Regards, PV ________________________________ From: Martin Visser <martinvisser99 () gmail com> To: Community support list for Wireshark <wireshark-users () wireshark org> Sent: Sun, January 30, 2011 1:42:19 AM Subject: Re: [Wireshark-users] tcp.time_delta column with tshark If you capture traffic on your network on or in the path between the client and proxy, you will see see the HTTP proxy traffic. HTTP traffic direct to the web-server or via a proxy are fundamentally the same - the proxy just has to handle the edge conditions a little differently. Regards, Martin MartinVisser99 () gmail com On 30 January 2011 15:26, vincent paul <amoteluro () yahoo com> wrote:Thank you Sake and J.Snelders for your quick and precious help. Best Regards, PV NOTE: Any idea how to see the packets' content between client and its proxy (not web server) ___________________________________________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: How source and destination is identified in Wireshark?, (continued)
- Re: How source and destination is identified in Wireshark? ronnie sahlberg (Jan 28)
- Re: How source and destination is identified in Wireshark? Andrew Hood (Jan 28)
- Re: How source and destination is identified in Wireshark? Guy Harris (Jan 28)
- tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark Sake Blok (Jan 29)
- Re: tcp.time_delta column with tshark j.snelders (Jan 29)
- Re: tcp.time_delta column with tshark vincent paul (Jan 29)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 30)
- Re: tcp.time_delta column with tshark Martin Visser (Jan 30)
- Re: tcp.time_delta column with tshark vincent paul (Jan 31)