Can Wireshark monitor/see/detect encrypted traffic?

Ibrahim Jamil
Level 6

Hi Guys

 

Can Wireshark monitor/see/detect encrypted traffic, and what does this look like in Wireshark?

Thanks

4 Replies

Gopinath_Pigili
Spotlight

Hello Ibrahim,

Yes, in some cases you can monitor/see encrypted traffic.

Please go through the following link for the details:

https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/

Best regards
******* If This Helps, Please Rate *******

Marvin Rhoads
Hall of Fame

Generally speaking, we cannot decrypt a pcap as a "man in the middle".

If you have captured from the client in question and have the key log from a client (or the private key from a server - very unusual but possible if you own the server), you MAY be able to decrypt HTTPS traffic, but this is a very rare use case.

For some lightly protected protocols like RADIUS or TACACS+, which use shared secret text strings, you can decrypt by entering the shared secret key in Wireshark.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Decrypt-RADIUS-and-TACACS-packet-using/ta-p/231937

 

Yes, you can see the packet, but you cannot see the data inside the packet.
All you need is to use a filter and filter packets with UDP 4500/500/50.
That's it.

Thanks A Lot
MHM

M02@rt37
VIP

Hello @Ibrahim Jamil,

Wireshark can only show you the encrypted data, not the decrypted content. This is because encryption is designed to secure data in transit and make it unreadable to anyone without the proper decryption keys.

When you capture encrypted traffic with Wireshark, you will see the encrypted payload, but you won't be able to understand the actual content of the data. The details of the encrypted data will look like random characters.

If you want to inspect the contents of encrypted traffic, you would need to have access to the encryption keys as shown in @Gopinath_Pigili's link or use methods like Man-in-the-Middle attacks...

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.