Folks,

I am running Wireshark on the client browser machine, and the server service is running on another machine. I want to see all the requests and responses that are made by the client by running Wireshark on the client machine. I have configured the RSA key list for SSL as

<server-ip>,443,http,c:\certs\myssl.pem

Also, there is a service, svchost.exe, which runs as local service. Currently I am running in as administrator, though I find those requests made by svchost.exe to be missing in the capture. My capture filter is "port 443".

Regards,
bekz

asked 16 Jun '11, 09:52 bekz
edited 26 Feb '12, 22:10 cmaynard
One Answer:
My first thought is: in order to decrypt the encrypted traffic, capture the SSL handshake first as a part of the traffic. ssl.record.content_type == 22 will show the handshake packets. If the handshake is successful and present, use the "Decrypted SSL data" tab, which should be present at the bottom of the packet pane, to display the decrypted traffic.

Hope this is helpful,
John

answered 16 Jun '11, 10:20 John_Modlin
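The check described in the answer above, as an added example that is not part of the original post: a small Python parser that walks the TLS records of one session and reports which handshake messages (record content type 22) are missing for RSA-key decryption. It assumes the input is the session's record bytes in capture order with handshake messages not fragmented across records; the function names and the sample byte strings are constructed for illustration, and the list of required messages comes from general TLS behaviour rather than from the answer.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20   # TLS record content types
# Handshake messages that must be in the capture for RSA private-key decryption
NEEDED = {1: "ClientHello", 2: "ServerHello", 16: "ClientKeyExchange"}

def tls_records(stream):
    """Yield (content_type, payload) for each complete TLS record."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5: off + 5 + length]
        if len(payload) < length:        # truncated capture, stop parsing
            break
        yield ctype, payload
        off += 5 + length

def handshake_types(stream):
    """Return handshake message types seen before encryption starts."""
    seen = []
    for ctype, payload in tls_records(stream):
        if ctype == CHANGE_CIPHER_SPEC:  # later handshake records are encrypted
            break
        pos = 0
        while ctype == HANDSHAKE and pos + 4 <= len(payload):
            seen.append(payload[pos])    # 1-byte type, then 3-byte length
            pos += 4 + int.from_bytes(payload[pos + 1:pos + 4], "big")
    return seen

def missing_for_rsa_decrypt(stream):
    """Names of required handshake messages absent from the capture."""
    seen = set(handshake_types(stream))
    return [name for mtype, name in NEEDED.items() if mtype not in seen]

# Constructed sample data (not taken from a real capture)
def rec(ctype, body):
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body
def msg(mtype, body=b"\x00" * 4):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

FULL = (rec(22, msg(1)) + rec(22, msg(2) + msg(11) + msg(14)) +
        rec(22, msg(16)) + rec(20, b"\x01") + rec(22, b"\xaa" * 40))
RESUMED = rec(22, msg(1)) + rec(22, msg(2)) + rec(20, b"\x01") + rec(22, b"\xaa" * 40)
LATE = rec(23, b"\xbb" * 32)   # capture started after the handshake

if __name__ == "__main__":
    for name, data in (("full", FULL), ("resumed", RESUMED), ("late", LATE)):
        print(name, "missing:", missing_for_rsa_decrypt(data) or "nothing")
```

A capture that starts after the handshake, or a resumed session with no ClientKeyExchange, shows up here as missing messages, which is the situation in which the "Decrypted SSL data" tab does not appear.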