Hi Jim,
Well, without proper keys that is going to be a problem.
And also: make sure you've got the legal angle covered! These are tricky subjects.
Thanx,
Jaap
Jim Balo wrote:
The other day we had a situation where an employee was involved in some
questionable activities. We were concerned that sensitive data had left
the company, so I analyzed the pcaps from this employees Internet
activities. I found some suspcious MSN messenger sessions (over regular
port 80), but the payload appeared to be encrypted, making it a real
pain to try find out what actually took place.
Is there any tool out there that can generate decrypted (or similar)
session transcripts from pcap files for common protocols (like messenger)?
Some sessions involve ftp uploads, and since I have the full pcap files,
I should be able to recreate the file uploaded so that I can view it in
the proper app (like a word or excel file) - is there any tool for this
out there?
Thanks,
JB