Fwd: [Ethereal-users] Follow TCP Stream - illegible

[Sam Wong <swong02@xxxxxxxxx>]

If you are capturing a trace on port 443, then you
are probably trying to capture an SSL session.
SSL sessions are encrypted after they have been
established.  Therefore, Ethereal will only display
garbage.  The only thing you will be able to see
is the initial SSL handshake, which is usually
finished within a dozen or so network packets.

If you want to see decrypted content of a browser
hitting an SSL-enabled page, then you have to
trace it at a higher level.  I use a product called
TracePlus Web Detective to do this.  This product
is not under the GPL and costs $150, which I think
is a bargain considering the price of most tracing
tools is well over $1,000.  The product can be found
at:

http://www.sstinc.com/home.html

(I'm not associated with the vendor of TracePlus in
any way so I get nothing for recommending it.)

Sam
--- jerry_c_wong@xxxxxxxxxxx wrote:
> 
> Hello all,
> 
> I am new to Ethereal, please excuse my ignorance. After capturing a series
> of packets by setting filer to "host hostname and port 443", I used the
> "Follow TCP Stream" facility trying to view the packet content.
> Unfortunately, I only see illegible characters. I happened to have one
> previous capture and I can view https messages just fine. Am I miss
> configuring my installation? Thanks.
> 
> Jerry Wong
> Agilent Technologies
> IT | Information Technology
> HR Solution Delivery
> 408-553-2351
> 
> 
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users


__________________________________________________
Do You Yahoo!?
Send FREE video emails in Yahoo! Mail!
http://promo.yahoo.com/videomail/