This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

If I just want to see encrypted SSL packets, do I need to capture the handshake (even if I am not decrypting the packets?) I am trying to find out this information to help a friend who started capturing after the handshake and is getting far fewer packets than expected.

Thanks

asked 04 May '12, 14:01

dcushing's gravatar image

dcushing
1111
accept rate: 0%


For viewing SSL packets without decrypting them, you don't need the SSL handshake. However, you will only see "ApplicationData" frames. You will be able to see when the client and the server send data to each other and how much, but of course you won't see what information they are exchanging.

permanent link

answered 05 May '12, 02:27

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319

question asked: 04 May '12, 14:01

question was seen: 3,457 times

last updated: 05 May '12, 02:27

p​o​w​e​r​e​d by O​S​Q​A