Wireshark-users: Re: [Wireshark-users] How do I identify SSL secured FTP session?
Quoting Shai Ben-Naphtali <shai@xxxxxxxxxx>:
Hello,
I'm not looking to decrypt it, I just want to make sure that my FTP session
to the remote server, is really encrypted... and so I wanted to use
Wireshark to try and identify that the traffic going in/out of my NIC is
encrypted.
How can I do that?
---
Shai
Good Day Shai-
I find myself looking at many Wireshark captures trying to identify
connectivity issues that are over SSL.
Since I am not looking to decrypt the capture, but rather make sure
the handshake is made and that application data is being passed, I
make a display filter for either the client IP or destination IP or
hostname.
Once I identify the traffic, I right-click and select Follow SSL
Stream, which will display all the packets for the selected
event/connection.
http://wiki.wireshark.org/SSL
If you download and open the example of the link above, you can see a
complete SSL connection which is what you will also want to look for
in your capture.
The way you will be able to determine this is by making sure the source and
destination IPs are those that your FTP client is using to connect to
the remote location.
Sake Blok has a beautiful :) PowerPoint presentation that I think
you should read, which details how you can use Wireshark to read SSL
communication. It can be obtained at this link.
http://www.lovemytool.com/blog/2009/06/sake_blok_11.html
Cheers-
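The check described in the reply above (a handshake is made, then application data is passed) can also be run on the raw bytes of one direction of the connection. The following is an added example, not part of the original message; the function names and sample byte strings are constructed for illustration, and it assumes the stream begins at the first TLS record.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def parse_tls_records(stream: bytes):
    """Walk one direction of a TCP payload stream and return the list of
    TLS record type names. Raises ValueError if the bytes are not TLS."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:
            break  # truncated header at end of capture: keep what we have
        ctype, major, _minor, length = struct.unpack_from("!BBBH", stream, offset)
        # Record header must carry a known type, major version 3, sane length.
        if ctype not in CONTENT_TYPES or major != 3 or length > 2**14 + 2048:
            raise ValueError(f"not a TLS record at offset {offset}")
        records.append(CONTENT_TYPES[ctype])
        offset += 5 + length
    return records

def session_looks_encrypted(stream: bytes) -> bool:
    """True only if a handshake record is seen and application data follows."""
    try:
        records = parse_tls_records(stream)
    except ValueError:
        return False  # e.g. plaintext FTP commands
    if "handshake" not in records:
        return False
    return "application_data" in records[records.index("handshake"):]

def _record(ctype: int, body: bytes) -> bytes:
    # Build a constructed TLS 1.2 record (version 3.3) for the samples below.
    return struct.pack("!BBBH", ctype, 3, 3, len(body)) + body

# Constructed sample inputs (not taken from a real capture).
TLS_STREAM = (_record(22, b"\x01" + b"\x00" * 40)   # handshake
              + _record(20, b"\x01")                # change cipher spec
              + _record(22, b"\xaa" * 32)           # encrypted handshake message
              + _record(23, b"\x5c" * 64))          # application data
PLAIN_FTP = b"USER demo\r\nPASS secret\r\n"
HANDSHAKE_ONLY = _record(22, b"\x01" + b"\x00" * 40)

if __name__ == "__main__":
    for name, data in [("tls", TLS_STREAM), ("plain ftp", PLAIN_FTP),
                       ("handshake only", HANDSHAKE_ONLY)]:
        print(name, session_looks_encrypted(data))
```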