You should not (under normal circumstances) be able to read anything out of
the HTTPS packets other than the layer 2, 3, and 4 information. The data
payload should look much like the packets you see when graphics are
transmitted as part of a web page.

Your company may want to consider an encryption-offload device which can sit
in front of the web server doing the encryption/decryption of SSL in
hardware. This has two advantages - your web server will be fast enough to
turn the logs back on once it doesn't have to encrypt traffic on its own,
and if you still need to sniff you can then see the unencrypted traffic
between the encryption-offload device and the server.

----- Original Message -----
From: "Robert Casto" <robert@xxxxxxxxxxxxx>
To: <ethereal-users@xxxxxxxxxxxx>
Sent: Saturday, January 18, 2003 11:15 AM
Subject: [Ethereal-users] Sniffing HTTP and HTTPS requests

I am trying to sniff HTTP and HTTPS requests so I know what page is
requested. The reason for doing this is that the web server is too busy
to log the requests itself. The performance goes way down when logging
is turned on.

I can get the HTTP packets and see the headers and find out what page
was requested. I then write that information to a log and thus I have
the information I need. The problem is that HTTPS delivers encrypted
packets and I cannot see what page was requested. Is there any way to
find out the URL that was requested on the server?

Robert Casto
Tel (513) 755-2221
Cell (513) 349-5282
robert@xxxxxxxxxxxxx
http://www.cincijava.com
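
An added example, not part of either message in this thread: a minimal Python classifier for captured TCP payloads that logs the requested URL for plaintext HTTP and reports only the SSL/TLS record type and length for HTTPS, which is all a sniffer on the encrypted side can recover. The function names and sample payloads are constructed, and it assumes each payload carries a complete request head (no TCP reassembly).

```python
import struct

# SSL 3.0 / TLS record content types (first byte of every record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HTTP_METHODS = (b"GET", b"HEAD", b"POST", b"PUT", b"DELETE", b"OPTIONS")

def classify_payload(payload: bytes) -> dict:
    """Classify one TCP payload as plaintext HTTP, an SSL/TLS record, or other."""
    # Record header: content type (1 byte), version major.minor (2), length (2).
    if len(payload) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype in TLS_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
            return {"kind": "tls", "record": TLS_TYPES[ctype], "length": length}
    # Plaintext request head: "METHOD path HTTP/x.y" followed by header lines.
    lines = payload.partition(b"\r\n\r\n")[0].split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) == 3 and parts[0] in HTTP_METHODS and parts[2].startswith(b"HTTP/"):
        host = ""
        for line in lines[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"host":
                host = value.strip().decode("latin-1")
        return {"kind": "http", "method": parts[0].decode("ascii"),
                "host": host, "path": parts[1].decode("latin-1")}
    return {"kind": "other"}

def log_line(src: str, payload: bytes) -> str:
    """Build the access-log line a sniffer-based logger could write."""
    info = classify_payload(payload)
    if info["kind"] == "http":
        return f'{src} {info["method"]} http://{info["host"]}{info["path"]}'
    if info["kind"] == "tls":
        return f'{src} TLS {info["record"]} len={info["length"]} (URL not visible)'
    return f"{src} unclassified"

# Constructed sample payloads (not captured traffic).
HTTP_SAMPLE = (b"GET /catalog/item?id=7 HTTP/1.1\r\n"
               b"Host: www.example.test\r\nUser-Agent: sample\r\n\r\n")
TLS_SAMPLE = struct.pack("!BBBH", 23, 3, 1, 32) + bytes(range(32))

if __name__ == "__main__":
    for src, data in (("10.0.0.5", HTTP_SAMPLE), ("10.0.0.6", TLS_SAMPLE)):
        print(log_line(src, data))
```

Run against traffic captured between an encryption-offload device and the server, every request falls into the HTTP branch and the URL can be logged.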