This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi, need help. I've been capturing data for a while now and need to analyse it but need to decrypt it. Could someone please show me where or explain the procedure step by step (dummy style) so that I will be able to read the data in a more English format. Is this possible? Have had IT experience but more in software development rather than this side. My internet activity shot up and that is why I am investigating.

TIA

asked 04 Dec '14, 11:59

Der

There are several protocols that encrypt data: 802.11 encrypts it on "protected" networks (networks using WEP or WPA/WPA2), SSL encrypts it when used for services such as HTTP ("https") and mail, and so on. What form of encryption are you seeing?

(04 Dec '14, 17:34) Guy Harris ♦♦

Will answer tomorrow with an example, thanks.

(06 Dec '14, 03:01) Der

Can't upload image, but this is a typed copy: TLSv1.2 Record Layer: Handshake Protocol: Encrypted Handshake Message ... then follow a lot of hex chars on the left and other characters on the right; the only understandable characters on the right are http in this case. Many other examples as well, including "application data". What I'd like is for all that data (left / right) to be decoded if possible.

Basically, if possible, I'd like to see as much of my normal internet activity decoded and readable as I seem to have much more activity going on than I should have! Plain PC via wireless modem to a few web pages and a few product updates. In my IP stats I see sites that, as far as my activity is concerned, I shouldn't have gone near, so I want to see what is happening if I can... Thinking of just blocking all these sites via host but would like to investigate if possible. Thanks, hope this helps you help me :)

(06 Dec '14, 11:12) Der

OK, that's SSL/TLS encryption.

Wireshark can, in some cases, decrypt that; see the SSL page in the Wireshark Wiki for some information on how to do that.

It cannot, however, always decrypt it. You may have to use a proxy tool, such as Fiddler, to see some of it.

answered 06 Dec '14, 12:04

Guy Harris ♦♦

Much appreciated, thanks.

(06 Dec '14, 16:33) Der
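
As an added illustration (not part of the original answer and not Wireshark's code), this Python example walks the TLS record layer of one direction of a stream to show what stays readable without keys: each record's type, version and length. That is why the capture above shows "Encrypted Handshake Message" and "Application Data" followed by opaque bytes. The sample bytes are constructed, and the labels assume TLS 1.2 or earlier.

```python
import struct

CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert",
                 22: "Handshake", 23: "Application Data"}
VERSIONS = {(3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello", 11: "Certificate",
                   14: "Server Hello Done", 16: "Client Key Exchange"}


def describe_records(stream):
    """Summarise the TLS records in one direction of a reassembled TCP stream."""
    summaries, offset = [], 0
    encrypted = False  # set once Change Cipher Spec is seen in this direction
    while offset + 5 <= len(stream):
        # 5-byte cleartext header: content type, version (2 bytes), length
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5:offset + 5 + length]
        if ctype not in CONTENT_TYPES or len(body) < length:
            summaries.append("not TLS or truncated record at offset %d" % offset)
            break
        version = VERSIONS.get((major, minor), "version %d.%d" % (major, minor))
        label = CONTENT_TYPES[ctype]
        if ctype == 22 and encrypted:
            # Body is ciphertext, so the handshake type cannot be read.
            label += ": Encrypted Handshake Message"
        elif ctype == 22 and body:
            label += ": " + HANDSHAKE_TYPES.get(body[0], "type %d" % body[0])
        elif ctype == 23:
            label += " (%d encrypted bytes)" % length
        elif ctype == 20:
            encrypted = True
        summaries.append("%s Record Layer: %s" % (version, label))
        offset += 5 + length
    return summaries


# Constructed sample: the tail of a TLS 1.2 handshake plus one data record.
SAMPLE = (
    bytes.fromhex("1603030006") + bytes.fromhex("100000020001")  # Client Key Exchange
    + bytes.fromhex("1403030001") + b"\x01"                      # Change Cipher Spec
    + bytes.fromhex("1603030028") + b"\xa5" * 40                 # encrypted Finished
    + bytes.fromhex("1703030020") + b"\x5a" * 32                 # Application Data
)

if __name__ == "__main__":
    for line in describe_records(SAMPLE):
        print(line)
```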
question asked: 04 Dec '14, 11:59

question was seen: 1,134 times

last updated: 06 Dec '14, 16:33
