This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Folks,

I am running Wireshark on the client browser machine, and the server service is running on another machine. I want to see all the requests and responses that are made by the client by running Wireshark on the client machine.

I have configured the RSA key list for SSL as

<server-ip>,443,http,c:\certs\myssl.pem

Also, there is a service, svchost.exe, which runs as Local Service. Currently I am running in as administrator, though I find those requests made by svchost.exe to be missing in the capture.

My capture filter is "port 443".

Regards, bekz

asked 16 Jun '11, 09:52

bekz

edited 26 Feb '12, 22:10

cmaynard


My first thought is, in order to decrypt the encrypted traffic, capture the SSL handshake first as a part of the traffic. ssl.record.content_type == 22 will show the handshake packets. If the handshake is successful and present, use the "Decrypted SSL data" tab, which should be present at the bottom of the packet pane, to display decrypted traffic.

Hope this is helpful, John

answered 16 Jun '11, 10:20

John_Modlin
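
The check the answer describes (is the handshake, record content type 22, actually in the capture?) can be sketched as a small TLS record parser. This is an added example, not part of the original answer or of Wireshark; the sample byte streams are constructed, and treating ClientHello, ServerHello and ClientKeyExchange as the required messages is this example's assumption.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
MSG_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             14: "ServerHelloDone", 16: "ClientKeyExchange"}
# Assumption of this example: the messages an RSA-key decryption needs to see.
REQUIRED = ("ClientHello", "ServerHello", "ClientKeyExchange")

def tls_records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:        # record cut off by the end of the capture
            return
        yield ctype, payload
        pos += 5 + length

def handshake_messages(stream):
    """Name the cleartext handshake messages in one direction of a connection."""
    buf = b""
    for ctype, payload in tls_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:  # later handshake records are encrypted
            break
        if ctype == HANDSHAKE:
            buf += payload               # a record may carry several messages
    names, pos = [], 0
    while pos + 4 <= len(buf):
        length = int.from_bytes(buf[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(buf):
            break
        names.append(MSG_NAMES.get(buf[pos], f"type {buf[pos]}"))
        pos += 4 + length
    return names

def missing_for_decryption(client_stream, server_stream):
    seen = handshake_messages(client_stream) + handshake_messages(server_stream)
    return [name for name in REQUIRED if name not in seen]

# Constructed sample streams (not real traffic).
def _rec(ctype, body):
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body
def _msg(mtype, body=b"\x00" * 4):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

FULL_CLIENT = _rec(22, _msg(1)) + _rec(22, _msg(16)) + _rec(20, b"\x01") + _rec(22, b"\xaa" * 40)
FULL_SERVER = _rec(22, _msg(2) + _msg(11) + _msg(14)) + _rec(20, b"\x01") + _rec(22, b"\xbb" * 40)
LATE_CLIENT, LATE_SERVER = _rec(23, b"\xcc" * 32), _rec(23, b"\xdd" * 32)  # capture began after the handshake
```

An empty list from `missing_for_decryption` means the cleartext handshake is in the capture; a capture that starts mid-session, like the `LATE_*` streams, reports all three messages missing.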

question asked: 16 Jun '11, 09:52

question was seen: 5,020 times

last updated: 06 Apr '12, 06:01