This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I was inspecting an HTTPS site and I found the certificate packet and I found this key in it:

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

Is this what I need to decrypt the traffic?

I hope someone could tell me what to do next in a more practical way.

asked 20 Mar '16, 16:42


Mostafa Nafady

edited 20 Mar '16, 16:51


The Certificate packet contains the public key which cannot be used to decrypt traffic.

The mentioned cipher suite uses the Diffie-Hellman algorithm for key exchange, which cannot be decrypted anyway using an RSA private key. If you are interested in browser traffic, have a look at using the SSL keylog method described at https://wiki.wireshark.org/SSL#SSL_dissection_in_Wireshark.


answered 21 Mar '16, 03:07


Lekensteyn

Thanks a lot for clarifying this for me.

(21 Mar '16, 07:52) Mostafa Nafady

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(21 Mar '16, 09:52) grahamb ♦
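
The distinction drawn in the answer above, as an added example that is not part of the original thread: it classifies a cipher suite by key exchange to show which secret can decrypt a capture, then checks whether a session's ClientHello random has an entry in an NSS-format key log (the file the SSL keylog method produces). The function names are hypothetical, the key log values are constructed, and the static-RSA suite is included only for contrast.

```python
import re

# NSS key log line for TLS 1.2 and earlier:
# label, 32-byte client random (hex), 48-byte master secret (hex).
_CLIENT_RANDOM = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")


def key_exchange(suite):
    """Return the key-exchange part of a TLS 1.2 style suite name, e.g. 'ECDHE_ECDSA'."""
    m = re.fullmatch(r"TLS_(.+)_WITH_.+", suite)
    if not m:
        raise ValueError(f"not a TLS 1.2 style suite name: {suite!r}")
    return m.group(1)


def decryption_options(suite):
    """List the secrets that let a passive observer decrypt a session using this suite."""
    options = ["keylog"]  # per-session secrets exported by the client or server
    if key_exchange(suite) == "RSA":
        # Only static RSA key transport sends the premaster secret encrypted to the
        # server key; (EC)DHE suites use the certificate key for signing only.
        options.append("rsa_private_key")
    return options


def load_keylog(text):
    """Map client random (lowercase hex) to master secret; skip comments and bad lines."""
    secrets = {}
    for line in text.splitlines():
        m = _CLIENT_RANDOM.match(line.strip())
        if m:
            secrets[m.group(1).lower()] = bytes.fromhex(m.group(2))
    return secrets


def can_decrypt(client_random_hex, keylog):
    """A session is decryptable only if its ClientHello random appears in the key log."""
    return client_random_hex.lower() in keylog


# Constructed sample key log (made-up values, not from a real session).
SAMPLE_KEYLOG = "\n".join([
    "# SSL/TLS secrets log file (constructed sample)",
    "CLIENT_RANDOM " + "ab" * 32 + " " + "cd" * 48,
    "CLIENT_RANDOM " + "12" * 32 + " " + "ef" * 20,  # truncated secret: rejected
])

if __name__ == "__main__":
    print(decryption_options("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"))
    print(decryption_options("TLS_RSA_WITH_AES_128_GCM_SHA256"))
    log = load_keylog(SAMPLE_KEYLOG)
    print(can_decrypt("AB" * 32, log), can_decrypt("12" * 32, log))
```
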
question asked: 20 Mar '16, 16:42

question was seen: 1,158 times

last updated: 21 Mar '16, 09:52
