Wireshark-users: [Wireshark-users] Only Seeing part of SSL packets

From: "Al Aghili" <aaghili@xxxxxxxxxxxxxxxxxx>
Date: Tue, 22 Apr 2008 06:26:32 -0600

Hi,

We are using tshark to get visibility into our SSL environment. In some cases tshark only decrypts the requests but not the responses when run in http protocol. So our parameter looks like this:

ssl.keys_list:192.168.15.30,443,http,/home/application/cert.pem

If we run tshark with the following command:

ssl.keys_list:192.168.15.30,443,data,/home/application/cert.pem

We can see both the decrypted request and response, but in the data format. Why is it that it can’t decrypt the response in http protocol but it can in data protocol?

I appreciate any insight.

Al

Al Aghili

Managed Methods Inc.

www.managedmethods.com

(P) (720) 222-2694

(C) (720) 289-9963