This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Viewing SSL packets

0

If I just want to see encrypted SSL packets, do I need to capture the handshake (even if I am not decrypting the packets?) I am trying to find out this information to help a friend who started capturing after the handshake and is getting far fewer packets than expected.

Thanks

asked 04 May '12, 14:01

dcushing's gravatar image

dcushing
1111
accept rate: 0%


One Answer:

0

For viewing SSL packets without decrypting them, you don't need the SSL handshake. However, you will only see "ApplicationData" frames. You will be able to see when the client and the server send data to each other and how much, but of course you won't see what information they are exchanging.

answered 05 May '12, 02:27

SYN-bit's gravatar image

SYN-bit ♦♦
17.1k957245
accept rate: 20%