This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

1. How can I decrypt HTTPS from a remote interface (rpcap)? I run rpcapd on my router. I use premaster keys, but they work only if I run Wireshark with a local interface.

2. It seems dumpcap with the rpcap interface is working only in Windows. Ubuntu says "ioctl failed: No such device".

Thank you

asked 08 Oct '16, 13:51

l0pan

edited 08 Oct '16, 13:54

If the remote device can run tcpdump, then have a look at the extcap sshdump interface in the latest development versions.

This allows running tcpdump on a remote system via ssh.

(08 Oct '16, 14:00) grahamb ♦

I tried capturing with tcpdump on my router too, but I also get "decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available". Is it theoretically possible to decrypt HTTPS captured on the router with premaster keys from the local PC?

(08 Oct '16, 14:18) l0pan