Re: dissecting HTTPS traffic

[Noam Birnbaum <noam () maccentricsolutions com>]

Mark, I'm curious about your statement that it's not legal to decrypt
users' traffic without them being aware. Since companies are constantly
asserting that they own all the data on their devices and network, why
would a user's personal traffic, even if it's of a sensitive nature, be any
different?

Thanks!
noam

On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw <Mark.Semkiw () commtrans org>
wrote:

> Because technically it’s not legal to decrypt users traffic without them
> being aware.  It could reveal things like online banking passwords and
> such.  We use PA firewalls and they have the ability to do SSL decryption
> but I can’t actually see the traffic, the firewall uses layer 7 inspection
> to and it’s own internal rule base/security signatures do decide if the
> traffic gets passed or not.
>
> *Mark Semkiw, Senior Network Engineer*
>
> *CCNA  CNSE  WCNA*
>
>
> From: <wireshark-users-bounces () wireshark org> on behalf of Noam Birnbaum
> Reply-To: Community support list for Wireshark
> Date: Monday, October 12, 2015 at 4:32 PM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] dissecting HTTPS traffic
>
> Curious, why wouldn't you recommend doing our own MITM attack? (And how
> would we do it?)
>
> On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw <Mark.Semkiw () commtrans org>
> wrote:
>
> > All you can really do at that point is analyze the endpoints and see if
> > you can get any info from that.  Well I guess you could setup your own
> > man-in-the-middle attack, but I wouldn’t suggest it.
> >
> > *Mark Semkiw, Senior Network Engineer*
> >
> > *CCNA  CNSE  WCNA*
> >
> >
> > From: <wireshark-users-bounces () wireshark org> on behalf of Noam Birnbaum
> > Reply-To: Community support list for Wireshark
> > Date: Friday, October 9, 2015 at 4:12 PM
> > To: "wireshark-users () wireshark org"
> > Subject: [Wireshark-users] dissecting HTTPS traffic
> >
> > Hey folks,
> >
> > One of our clients has recently been having their WAN bandwidth eaten up,
> > and we've narrowed it down to one executive's computer.
> >
> > Now we want to dissect that computer's traffic to see what it's doing.
> > However, much of it is HTTPS, so we can't see the content. Any suggestions
> > on getting a useful analysis?
> >
> > Thanks!
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-users
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> >              mailto:wireshark-users-request () wireshark org
> > ?subject=unsubscribe
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe