Hi,
I've got tshark running fine with decryption for SSL traffic, but I was wondering...
In order for SSL to decrypt properly, the ssl.handshake has to be in the tracefile. If I'm using a ring buffer for capturing to keep the file sizes down for analyzing, for instance 5 50 MB tracefiles, and the ssl.handshake is in the 1st tracefile, how does Wireshark handle decrypting SSL traffic within the subsequent tracefiles, like file 2, 3, 4 and 5 of the capture for instance?
Thanks,
John