
All Questions

0 votes
1 answer
2k views

How to decrypt Outlook traffic in Wireshark?

I have to follow Comparitech's SSL Decryption Guide: How to Decrypt SSL with Wireshark.  But it is not working for Outlook - Office 365 mail traffic.  I'm seeing traffic on port 443 only and it's SSL-...
jigar sheth's user avatar
3 votes
1 answer
2k views

Find string packet in decrypted data with wireshark/tshark

I am analysing a capture of encrypted traffic with wireshark. I have decrypted the traffic with the proper passphrase in wireshark and I can see the decrypted data of each frame. The point is that if ...
crato's user avatar
  • 41
1 vote
0 answers
711 views

How to read/decode/parse HTTP/2.0 capture decrypted by Wireshark?

I thought Wireshark successfully decrypted an encrypted HTTP/2.0 connection once it was pointed to pre-master secrets from Firefox after setting SSLKEYLOGFILE. It shows the header when following the ...
0 votes
1 answer
2k views

Decrypting Application Data with (Pre)-Master-Secret log file in Wireshark

I've read a few articles outlining a process for decrypting SSL/TLS traffic without a private key. Session keys are generated in a log file, which are then read from Wireshark by pointing to the log file....
Jade Cowan's user avatar
1 vote
1 answer
3k views

wireshark monitor mode, decrypting capture

I have a network, which has 2 nodes (a phone, a MacBook) both are connected to same wireless network, I know the SSID and password for the wireless network password: mypassword ssid: myssid security: ...
user3833308's user avatar
2 votes
2 answers
3k views

How can I tell if Wireshark has successfully decrypted a capture

I have used Microsoft Network Monitor 3.4 in Windows 7 to create a capture file from my wireless g network by setting monitor mode. When loaded into Wireshark I can see the four way handshake and I ...
rob's user avatar
  • 882
0 votes
1 answer
934 views

Decrypting WPA with wireshark

Hi, I want to decrypt my WPA packets which I gathered by sniffing with airodump-ng. The problem is that even after I have the 4-way handshake packets (they are correct) I don't know how to extract the ...
Michał Wesołowski's user avatar
14 votes
4 answers
43k views

Wireshark WPA 4-way handshake

From this wiki page: WPA and WPA2 use keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won'...
cYrus's user avatar
  • 21.9k