Hello! I'm trying to do same thing under smtp (destination port is 465) under Windows. How can i do that? asked 29 Mar '17, 02:11 icegood converted to question 29 Mar '17, 04:08 grahamb ♦ |
One Answer:
The current Wireshark version (2.2.5) should decode SMTPS (SMTP over SSL) on port 456/TCP as SSL per default. When your able to decode the encrypted data (e.g. with the RSA key in use or with the premaster secret) the application data should also be decoded as SMTP by default. If your capture has not been decoded as SSL please use the „Analyze“ -> „Decode As“ feature. answered 29 Mar '17, 11:40 Uli edited 29 Mar '17, 11:43 |
Converted to a question from an "answer" on this question.