howtos:creating_a_decrypted_tcpdump_capture
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revisionNext revisionBoth sides next revision | ||
| howtos:creating_a_decrypted_tcpdump_capture [28/08/2022 20:52] – created domingo | howtos:creating_a_decrypted_tcpdump_capture [28/08/2022 20:54] – domingo | ||
|---|---|---|---|
| Line 21: | Line 21: | ||
| Find the field called " | Find the field called " | ||
| Locate your keylog.txt file and select it. | Locate your keylog.txt file and select it. | ||
| + | |||
| + | {{ : | ||
| Next open up the dump.pcap tcpdump file and you should now be able to see decrypted traffic. | Next open up the dump.pcap tcpdump file and you should now be able to see decrypted traffic. | ||
| Line 26: | Line 28: | ||
| If you do not find the traffic decrypted it could be that you have captured the traffic midstream, before the master secret was made. To overcome this you just need to make sure you run tcpdump before the connection is created between whatever you are trying to decrypt then you should get all the information needed in the tcpdump file. | If you do not find the traffic decrypted it could be that you have captured the traffic midstream, before the master secret was made. To overcome this you just need to make sure you run tcpdump before the connection is created between whatever you are trying to decrypt then you should get all the information needed in the tcpdump file. | ||
| - | REMEMBER to delete all the tcpdump files afterwords, it could contain passwords or other sensitive information you don't want to get in the wrong hands. | + | //**REMEMBER**// to delete all the tcpdump files afterwords, it could contain passwords or other sensitive information you don't want to get in the wrong hands. |
howtos/creating_a_decrypted_tcpdump_capture.txt · Last modified: 28/08/2022 20:56 by domingo