This is our old Q&A Site. Please post any new questions and answers at

If I just want to see encrypted SSL packets, do I need to capture the handshake (even if I am not decrypting the packets?) I am trying to find out this information to help a friend who started capturing after the handshake and is getting far fewer packets than expected.


asked 04 May '12, 14:01

dcushing's gravatar image

accept rate: 0%

For viewing SSL packets without decrypting them, you don't need the SSL handshake. However, you will only see "ApplicationData" frames. You will be able to see when the client and the server send data to each other and how much, but of course you won't see what information they are exchanging.

permanent link

answered 05 May '12, 02:27

SYN-bit's gravatar image

SYN-bit ♦♦
accept rate: 20%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 04 May '12, 14:01

question was seen: 3,457 times

last updated: 05 May '12, 02:27

p​o​w​e​r​e​d by O​S​Q​A