I have private key. All i want is if i get an encrypted .pcap file, I should be able to decrypt it using private key and generate a decrypted .pcap file which i can share with other without sharing private key
Please help me out.
Thanks in advance....
asked 17 Apr '13, 21:36
edited 17 Apr '13, 23:55
Wireshark can't uncrypt the pcap file, but you are able to export the SSL session keys for the SSL sessions in the file. These keys will only decrypt these specific sessions, so you can distribute them freely.
The 3rd party needs to:
There is no way yet to do this in tshark, but there is a workaround by using the ssl-debug file, see http://ask.wireshark.org/questions/20283/programatically-export-the-ssl-session-key
answered 17 Apr '13, 23:54