Wireshark-users: Re: [Wireshark-users] QUERY: About Decrypted SSL Application in Wireshark

From: "Pattabi Kishor-HJMR73" <HJMR73@xxxxxxxxxxxx>
Date: Wed, 24 Sep 2008 13:27:53 +0800
Hi Steve,

Thank you very much for the reply.
I selected the Application Data and tried to view the selected
encrypted data using the Analyze menu and then choosing Follow SSL
Stream. But I get a dialog of Follow SSL Stream with stream contents
having 0 bytes.
What may be the reason? Could you please assist me in this scenario?
Does it imply that there is no flow of data?

Regards and Thanks,
Kishor KP.

-----Original Message-----
From: Stephen Fisher [mailto:stephentfisher@xxxxxxxxx] 
Sent: Wednesday, September 24, 2008 1:43 PM
To: Pattabi Kishor-HJMR73
Subject: Re: QUERY: About Decrypted SSL Application in Wireshark

On Thu, Aug 28, 2008 at 02:23:48PM +0800, Pattabi Kishor-HJMR73 wrote:

> My name is Kishor. I have a query about decrypting the network
> traffic in WIRESHARK. In the thread
> (http://www.mail-archive.com/wireshark-users@xxxxxxxxxxxxx/msg02793.html)
> for viewing the Encrypted data (Application Data) the query and
> solution is as follows:

> But I could not read the Application Data. Suppose "Test Works"
> appears on the CLIENT's screen when https://130.190.34.177/ is typed.
> So the decrypted data will have "Test Works" appearing in the
> Wireshark tool. Am I correct? I am really unable to decrypt the data.

Yes, that is what you would see in Wireshark.  The easiest way to view
the decrypted data is under the Analyze menu and then choose Follow SSL
Stream.  You can use a sample capture file with HTTP over SSL data in it
to test your settings.  The file is available at: 
http://wiki.wireshark.org/SampleCaptures#head-bd648665beb0945adcbca8fc5d1badf64180de43

Please direct further questions to wireshark-users@xxxxxxxxxxxxx.  I am
on that list and can respond to your inquiries plus others can if I am
busy.


Steve