This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decrypting a Wireshark capture without the private key

0

Good afternoon,

I have been assigned the task of decrypting a Wireshark capture between a user and a server. The transaction is an e-mail with an attachment. I have not been provided with the private key, and as such I am unsure how to proceed. Can anyone help?

Kind Regards

asked 29 Nov '15, 07:00

ArdenUK

Haha, interesting... I have been given a challenge to complete (job interview) and it is a puzzling one! The only thing I have managed to do so far is convert the subject text to plain text from a Caesar cipher, but the attachment, which I presume has the private key, is still a mystery!

(29 Nov '15, 12:26) ArdenUK

One Answer:

0

The idea of encryption is to keep data secure and "hidden" and that only those who own the key are able to decrypt the data set. So, a work assignment as described above ("Decrypting a capture without the private key") does not make any sense, unless you omitted the relevant parts in your question (see comment of @ArdenUK about Caesar cipher).

So, I see the following possible reasons for such a 'work assignment'.

  • The person who asked for it tries to probe you to see if you understand encryption
  • You misunderstood the work assignment and in reality it's about decoding a pcap file that contains SMTP traffic and/or POP3/IMAP, and not decrypting data
  • The person who asked for it has zero knowledge of encryption and does not understand that he/she is asking for the impossible
  • You are working for an ultra secure TLA (three letter agency) and you are trained with alien technology to crack even the hardest encryption algorithms. In that case, you failed miserably in several ways (Nr #1: not being able to do what you have been trained for, Nr #2: Posting about this in a public Q&A site, Nr #3: not creating your own business with such a skill set).

Please choose the most likely reason for you.

If you'd ask me, I'd say item #1 and/or item #2.

@ArdenUK: similar for you, although you actually mentioned a real encryption system (Caesar cipher). However: Without any information about the work assignment, how are we supposed to help or even comment on your question/problem?

Regards
Kurt

answered 30 Nov '15, 16:23

Kurt Knochner ♦