1 How can I decrypt https from remote interface (rpcap)? I run rpcapd on my router. I use premaster keys but they work only if i run wireshark with local interface 2 It seems dumpcap with rpcap interface is working only in windows. Ubuntu says "ioctl failed: No such device" Thank you asked 08 Oct '16, 13:51  l0pan edited 08 Oct '16, 13:54 |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
If the remote device can run tcpdump, then have a look at the extcap sshdump interface in the latest development versions.
This allows running tcpdump on a remote system via ssh.
i tried capturing with tcpdump on my router too, but i also get "decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available" Is it theoretical possible to decrypt HTTPS captured on router with premaster keys from local PC?