This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

decrypt ssl from remote interface

0

1 How can I decrypt https from remote interface (rpcap)? I run rpcapd on my router. I use premaster keys but they work only if i run wireshark with local interface

2 It seems dumpcap with rpcap interface is working only in windows. Ubuntu says "ioctl failed: No such device"

Thank you

asked 08 Oct '16, 13:51

l0pan's gravatar image

l0pan
6113
accept rate: 0%

edited 08 Oct '16, 13:54

If the remote device can run tcpdump, then have a look at the extcap sshdump interface in the latest development versions.

This allows running tcpdump on a remote system via ssh.

(08 Oct '16, 14:00) grahamb ♦

i tried capturing with tcpdump on my router too, but i also get "decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available" Is it theoretical possible to decrypt HTTPS captured on router with premaster keys from local PC?

(08 Oct '16, 14:18) l0pan