Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] [Wireshark-announce] Question about the private key of a homerouter for SSL decryption

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Barrett, John" <john.barrett@xxxxxxx>
Date: Thu, 2 Apr 2009 10:54:46 -0400

If you do not have access to the private key, then you can't get it from anyplace to put into wireshark. If you could, then that would be a HUGE security hole. Now with that said, you can still sniff traffic on an encrypted connection, if you put in some sort of man in the middle proxy. You could set up a proxy that would act on your behalf between you and the web sever. You could then take have it come at you in clear text and could sniff it that way or re-encrypt it, get the private cert and decrypt it with Wireshark. You would have to set up a man in the middle, which might defeat the purpose of what you are trying to sniff. This is all based on the understanding that you are trying to look at layer 7 (I.E. text that occurs in the encrypted packet).  If you are trying to look at handshakes and such, then you could use Wireshark for that or even better SSLDump.
 
 
 
From: wireshark-announce-bounces@xxxxxxxxxxxxx [mailto:wireshark-announce-bounces@xxxxxxxxxxxxx] On Behalf Of Wireshark announcements
Sent: Wednesday, April 01, 2009 2:39 PM
To: wireshark-announce@xxxxxxxxxxxxx
Subject: [Wireshark-announce] Question about the private key of a homerouter for SSL decryption

Dear all,

I hope you may be able to help me. I am trying to debug and understand my network but have run into trouble when handling SSL packets. To make it easier to understand where I am up to, here are some details:

  • Currently I am using Wireshark on a windows PC.
  • Clearly I have physical access to the router and network switches, and access to my router's configuration / diagnostics etc.
  • I understand that to view SSL packets in Wireshark I need to obtain the private key from the SSL certificate on the server, decrypt it with open SSL and then load it as a .pem into Wireshark. (I think that's correct, please tell me if not).

The problem I'm having is that I can't export any certificates in the .pfx Personal Information Exchange format which I need, to be able to export the private key with the certificate.

If I am using a standard home router like the linksys except it's made by 2wire, is there some way I can get it off there?

Thank you in advance and I hope someone can point me in the right direction.

How

Windows Live Messenger just got better. Find out more!
  • Prev by Date: Re: [Wireshark-users] [Bug 3360]Wiresharkgivesdecodingerrorduring rnsap messagedissection
  • Next by Date: Re: [Wireshark-users] [Wireshark-announce] Question about the private key of a home router for SSL decryption
  • Previous by thread: Re: [Wireshark-users] [Bug 3360]Wiresharkgivesdecodingerrorduring rnsap messagedissection
  • Next by thread: Re: [Wireshark-users] [Wireshark-announce] Question about the private key of a home router for SSL decryption
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation