Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] Decrypted session transcripts from pcap?

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 26 Sep 2008 07:59:50 +0200
Hi Jim,

Well, without proper keys that is going to be a problem.
And also: make sure you've got the legal angle covered! These are tricky subjects.

Thanx,
Jaap

Jim Balo wrote:
The other day we had a situation where an employee was involved in some questionable activities. We were concerned that sensitive data had left the company, so I analyzed the pcaps from this employees Internet activities. I found some suspcious MSN messenger sessions (over regular port 80), but the payload appeared to be encrypted, making it a real pain to try find out what actually took place. Is there any tool out there that can generate decrypted (or similar) session transcripts from pcap files for common protocols (like messenger)? Some sessions involve ftp uploads, and since I have the full pcap files, I should be able to recreate the file uploaded so that I can view it in the proper app (like a word or excel file) - is there any tool for this out there? Thanks,
JB