https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957013#M1105731 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/247357">@Ibrahim Jamil</a>,</P><P>Wireshark can only show you the encrypted data, not the decrypted content. This is because encryption is designed to secure data in transit and make it unreadable to anyone without the proper decryption keys.</P><P>When you capture encrypted traffic with Wireshark, you will see the encrypted payload, but you won't be able to understand the actual content of the data. The details of the encrypted data will look like random characters.</P><P><SPAN>If you want to inspect the contents of encrypted traffic, you would need to have access to the encryption keys as shown <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1572274">@Blue_Bird</a>&nbsp;'s link or use methods like Man-in-the-Middle attacks...</SPAN></P> Fri, 10 Nov 2023 15:04:36 GMT M02@rt37 2023-11-10T15:04:36Z https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4956915#M1105723 <P>Hi Guys</P><P>&nbsp;</P><P>Can wireshark monitor/sees/detects encrypted traffic, how does this wireshark look like?</P><P>&nbsp;</P><P>thanks</P> Fri, 10 Nov 2023 12:32:42 GMT https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4956915#M1105723 Ibrahim Jamil 2023-11-10T12:32:42Z https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4956930#M1105725 <P>Hello Ibrahim,</P><P>Yes, some cases...... you can monitor/see encrypted traffic....</P><P>Please go through the following link....to know&nbsp; the details:</P><P><A href="https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/" target="_blank" rel="noopener">https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/</A></P><P>Best regards<BR />*******<STRONG> If This Helps, Please Rate</STRONG> *******</P> Fri, 10 Nov 2023 13:05:03 GMT https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4956930#M1105725 Blue_Bird 2023-11-10T13:05:03Z https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957001#M1105729 <P>Generally speaking, we cannot decrypt a pcap as a "man in the middle".</P> <P>If you have captured from the client in question and have the key log from a client (or the private key from a server - very unusual but possible if you own the server), you MAY be able to decrypt https traffic but this is a very rare use case.</P> <P>For some lightly protected protocols like RADIUS or TACACS+ which use shared secret text strings you can decrypt by entering the shared secret key in Wireshark.</P> <P><A href="https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Decrypt-RADIUS-and-TACACS-packet-using/ta-p/231937" target="_blank">https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Decrypt-RADIUS-and-TACACS-packet-using/ta-p/231937</A></P> <P>&nbsp;</P> Fri, 10 Nov 2023 14:46:19 GMT https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957001#M1105729 Marvin Rhoads 2023-11-10T14:46:19Z https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957008#M1105730 <P>Yes you can see packet but the data inside the packet you can not&nbsp;<BR />what you need is only use filter and filter packet with UDP 4500/500/50&nbsp;<BR />that it.<BR /><BR />Thanks A Lot <BR />MHM</P> Fri, 10 Nov 2023 14:51:43 GMT https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957008#M1105730 MHM Cisco World 2023-11-10T14:51:43Z https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957013#M1105731 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/247357">@Ibrahim Jamil</a>,</P><P>Wireshark can only show you the encrypted data, not the decrypted content. This is because encryption is designed to secure data in transit and make it unreadable to anyone without the proper decryption keys.</P><P>When you capture encrypted traffic with Wireshark, you will see the encrypted payload, but you won't be able to understand the actual content of the data. The details of the encrypted data will look like random characters.</P><P><SPAN>If you want to inspect the contents of encrypted traffic, you would need to have access to the encryption keys as shown <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1572274">@Blue_Bird</a>&nbsp;'s link or use methods like Man-in-the-Middle attacks...</SPAN></P> Fri, 10 Nov 2023 15:04:36 GMT https://community.cisco.com/t5/network-security/can-wireshark-monitor-sees-detects-encrypted-traffic/m-p/4957013#M1105731 M02@rt37 2023-11-10T15:04:36Z