NMDecrypt Lync 2013 TLS 1.2 Traffic

  • Question

  • Hello,

    I just tried to decrypt some SSL traffic between the Lync 2013 client and the Exchange 2010 EWS. Therefore I followed the instructions in this article: http://blogs.technet.com/b/nexthop/archive/2012/02/15/how-to-decrypt-lync-2010-tls-traffic-using-microsoft-network-monitor.aspx

    When decrypting I get the following error in the log:

    -.-.-.-.-.-.- SSL Decryption Log -.-.-.-.-.-.-

    Log Created On: 24.03.2014 11:13:33

    NMDecrypt Version:
    NMAPIs Initialized.
    Initializing Netmon Parsers...
    sparser.npb:001.000 Successfully unserialized NPL parser 'C:\ProgramData\Microsoft\Network Monitor 3\NPL\NetworkMonitor Parsers\Profiles\64BAA24A-0AAD-44e6-9846-3BE43D698FF6\sparser.npb.
    Netmon Parsers initialized successfully.
    Adding SSLVersionSelector Display Filter...
    Display Filter added successfully
    Adding Conversation.TCP.Id == 2 Conversation Filter...
    Conversation Filter, Conversation.TCP.Id == 2 added successfully
    SSL Version Filter added successfully
    Adding Conversation.TCP.Id == 2 Conversation Filter...
    Eval Parser Conversation Filter, Conversation.TCP.Id == 2 added successfully
    This Netmon Version is supported
    ****Warning***: We've tested with version: 03.04.2748.0001.  Your version is: 03.04.2978.0001 0000. This might cause problems if the TLS/SSL parsers have changed significantly.
    Opening Encrypted Capture File: C:\Users\USERNAME\Desktop\tls.cap
    Creating Decrypted Capture File: C:\Users\USERNAME\Desktop\decrypt.cap
    Proposing Init Filter String of Ethernet.Ipv4.Tcp.TCPPayload.TLSSSLData
    EXCEPTION: Error: Couldn't Select TLS or SSL based on Version Info
    Using Init Filter String of Ethernet.Ipv4.Tcp.TCPPayload.TLSSSLData.
    This SSL version is not supported.

    -.-.-.-.-.-.- SSL Decryption Log Ends-.-.-.-.-.-.-

    Is it possible that NMDecrypt does not support the SSL 1.2 version? In the packet I can see the SSL version 1.2 is used.

    Any ideas?

    Monday, March 24, 2014 10:22 AM

All replies

  • It does not, but interestingly somebody, I believe, is working on an update to support 1.2. I haven't checked on the CodePlex project recently, but perhaps we will support it in the future.


    Friday, April 4, 2014 3:08 PM
  • Any solution so far available?
    Monday, June 29, 2015 4:02 PM