locked
Decode MTLS data RRS feed

  • Question

  • Hi All,

    Is there a way to decode captured SSL data ?

    I'm troubleshoting SIP and captured traffic is SSL encrypted, I'm capturing on the server and certificate is installed on the same server.


    GBG
    Tuesday, June 8, 2010 6:28 AM

All replies

  • We do have an SSL encryption expert on http://www.codeplex.com/nmexperts.  It was designed for HTTP traffic, but you can see how it works with SIP.  It does require that you ahve the private certificate from the server and the entire SSL conversation, including the full negotiation.

    If the expert isn't working for you, please let us know as  it is new and there are some known limitations which we expect to fix soon.

    Thanks,

    Paul

    Tuesday, June 8, 2010 2:06 PM
  • Thank you Paul,

    NMDecrypt was installed, but what to do next ? I have "SSL: Appication Data" captured , how to decrypt it ?


    GBG
    Wednesday, June 9, 2010 7:24 AM
  • If you select the expert form the expert menu and open the help, there's a detailed description of how to use the expert.  But in general you select a specific TCP converstation and run the expert.  You can also look at this blog for additonal info:

    http://blogs.technet.com/b/netmon/archive/2010/03/08/expert-to-decrypt-tls-ssl-traffic.aspx

    Paul

    Wednesday, June 9, 2010 2:19 PM