Wireshark-users: Re: [Wireshark-users] dissecting HTTPS traffic

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Mark Semkiw <Mark.Semkiw@xxxxxxxxxxxxx>
Date: Tue, 13 Oct 2015 16:00:40 +0000
Because technically it’s not legal to decrypt users traffic without them being aware.  It could reveal things like online banking passwords and such.  We use PA firewalls and they have the ability to do SSL decryption but I can’t actually see the traffic, the firewall uses layer 7 inspection to and it’s own internal rule base/security signatures do decide if the traffic gets passed or not.

Mark Semkiw, Senior Network Engineer

CCNA  CNSE  WCNA


From: <wireshark-users-bounces@xxxxxxxxxxxxx> on behalf of Noam Birnbaum
Reply-To: Community support list for Wireshark
Date: Monday, October 12, 2015 at 4:32 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] dissecting HTTPS traffic

Curious, why wouldn't you recommend doing our own MITM attack? (And how would we do it?)

On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw <Mark.Semkiw@xxxxxxxxxxxxx> wrote:
All you can really do at that point is analyze the endpoints and see if you can get any info from that.  Well I guess you could setup your own man-in-the-middle attack, but I wouldn’t suggest it.

Mark Semkiw, Senior Network Engineer

CCNA  CNSE  WCNA


From: <wireshark-users-bounces@xxxxxxxxxxxxx> on behalf of Noam Birnbaum
Reply-To: Community support list for Wireshark
Date: Friday, October 9, 2015 at 4:12 PM
To: "wireshark-users@xxxxxxxxxxxxx"
Subject: [Wireshark-users] dissecting HTTPS traffic

Hey folks,

One of our clients has recently been having their WAN bandwidth eaten up, and we've narrowed it down to one executive's computer.

Now we want to dissect that computer's traffic to see what it's doing. However, much of it is HTTPS, so we can't see the content. Any suggestions on getting a useful analysis?

Thanks!

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe