Wireshark mailing list archives
Re: AIRPCAP and wireshark 1.8.4
From: Prigge Scott <PriggeScottM () JohnDeere com>
Date: Thu, 31 Jan 2013 09:52:56 -0600
> If there is some problem with this version of Wireshark because I am not able to decrypt wireless traffic?
Doubtful, these guys are pretty good. What is probably more likely is that you are attempting to view a cached SSL session which bypasses the full SSL key exchange. I can't remember where in the I saw/heard this, but I can tell you from personal experience that Wireshark can only decrypt SSL when the entire key exchange sequence has been captured. I'm sure someone on this board who is a lot smarter than me will give you a better way, but I can typically tell if the SSL session is cached because the Server Hello packet is approximately the same size as the Client Hello - meaning that the certificate was never transmitted. In a full key exchange, the entire certificate is transmitted which typically results in one or more full-sized TCP segments before Wireshark rolls them up into a Server Hello in the Info column.

___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
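The check described in the reply above, written out as an added example (not part of the original post or of Wireshark): it reads the cleartext handshake from each direction of a reassembled TCP stream and reports whether the server sent a Certificate or instead echoed the client's session ID. It assumes SSL 3.0 through TLS 1.2 framing; the function names and the sample bytes are constructed for illustration.

```python
import struct
HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20              # TLS record content types
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11  # handshake message types

def handshake_messages(stream):
    """Yield (type, body) for each cleartext handshake message in one direction."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        rtype, _version, rlen = struct.unpack("!BHH", stream[pos:pos + 5])
        if rtype == CHANGE_CIPHER_SPEC:   # records after this are encrypted
            break
        if rtype == HANDSHAKE:
            buf += stream[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
    while len(buf) >= 4:
        mlen = int.from_bytes(buf[1:4], "big")
        yield buf[0], buf[4:4 + mlen]
        buf = buf[4 + mlen:]

def session_id(hello):
    """Hello body layout: 2-byte version, 32-byte random, 1-byte length, session ID."""
    return hello[35:35 + hello[34]] if len(hello) > 34 else b""

def classify(client_stream, server_stream):
    # Assumption: SSL 3.0 - TLS 1.2, where a resuming server echoes the session ID.
    client = dict(handshake_messages(client_stream))
    server = dict(handshake_messages(server_stream))
    if CLIENT_HELLO not in client or SERVER_HELLO not in server:
        return "hello missing from capture"
    if CERTIFICATE in server:
        return "full handshake"
    offered = session_id(client[CLIENT_HELLO])
    if offered and offered == session_id(server[SERVER_HELLO]):
        return "resumed session"
    return "no certificate, no session ID echo"

# --- constructed sample bytes (not from a real capture) ---
def _record(rtype, payload):
    return struct.pack("!BHH", rtype, 0x0303, len(payload)) + payload
def _msg(mtype, body):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body
def _hello(mtype, sid):  # hello trailer shortened to padding bytes
    return _msg(mtype, b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid + bytes(4))

SID = bytes(range(32))
CLIENT = _record(HANDSHAKE, _hello(CLIENT_HELLO, SID))
RESUMED = (_record(HANDSHAKE, _hello(SERVER_HELLO, SID))
           + _record(CHANGE_CIPHER_SPEC, b"\x01") + _record(HANDSHAKE, bytes(40)))
FULL = _record(HANDSHAKE, _hello(SERVER_HELLO, b"\xff" * 32)
               + _msg(CERTIFICATE, bytes(1200)) + _msg(14, b""))
```

A "resumed session" result means the capture holds no key exchange for that connection, which matches the case the reply describes.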
Current thread:
- AIRPCAP and wireshark 1.8.4 Giuseppe Montanarella (Jan 31)
- Re: AIRPCAP and wireshark 1.8.4 Prigge Scott (Jan 31)