Question

I'm trying to learn how to use Wireshark properly and I'm wondering if Wireshark can read encrypted data it captures when sniffing? If so, how do I initiate this?

Solution

Wireshark supports decrypting SSL/TLS sessions if you provide it the private key the server uses to do key exchange. If a cipher suite is chosen that uses ephemeral keys, you will not be able to decrypt data. UPDATE: Some TLS libraries can now dump per-session key exchange secrets to a file for debugging. Wireshark can use that to decrypt the relevant TLS sessions even if ephemeral keys are used.

You can read more about this capability on the Wireshark wiki for SSL.

See also this linked answer for How to view Encrypted Application Data in Wireshark
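
The per-session secrets file mentioned in the update is usually written in the NSS key log format (often enabled through the `SSLKEYLOGFILE` environment variable), where each line ties a secret to the client random of one handshake. The following is an added example, not part of the original answer: it parses such a file and reports which sessions it holds enough secrets for; the function names and all sample values are constructed for illustration.

```python
import re

# Labels from the NSS key log format. CLIENT_RANDOM carries the 48-byte
# master secret (TLS 1.2 and earlier); the others are TLS 1.3 secrets.
TLS12_LABEL = "CLIENT_RANDOM"
TLS13_APP_LABELS = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}
KNOWN_LABELS = TLS13_APP_LABELS | {
    TLS12_LABEL, "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_EARLY_TRAFFIC_SECRET",
    "EXPORTER_SECRET",
}
# <LABEL> <32-byte client random as hex> <secret as hex>
LINE_RE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def parse_keylog(text):
    """Return ({client_random: {label: secret_hex}}, [rejected line numbers])."""
    sessions, rejected = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed in the format
        m = LINE_RE.match(line)
        if not m or m.group(1) not in KNOWN_LABELS or len(m.group(3)) % 2:
            rejected.append(lineno)
            continue
        label, client_random, secret = m.groups()
        if label == TLS12_LABEL and len(secret) != 96:
            rejected.append(lineno)  # master secret must be 48 bytes
            continue
        sessions.setdefault(client_random.lower(), {})[label] = secret.lower()
    return sessions, rejected


def decryptable(labels):
    """Classify what the logged secrets for one session cover."""
    if TLS12_LABEL in labels:
        return "TLS<=1.2"
    if TLS13_APP_LABELS <= labels.keys():
        return "TLS1.3"  # application data secrets for both directions
    return "incomplete"


# Constructed sample values, not real secrets.
SAMPLE = "\n".join([
    "# constructed key log for illustration",
    f"CLIENT_RANDOM {'aa' * 32} {'11' * 48}",
    f"CLIENT_TRAFFIC_SECRET_0 {'bb' * 32} {'22' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {'bb' * 32} {'33' * 32}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {'cc' * 32} {'44' * 32}",
    f"CLIENT_RANDOM {'dd' * 32} 1234",  # truncated secret, rejected
])
```

Anyone who holds this file and a capture of the same sessions can decrypt them, so it should be written only on debugging hosts and deleted afterwards.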

Other tips

Wireshark can dissect some types of encrypted data, in some circumstances; this includes SSL/TLS sessions, as per Dev's answer, and also includes WEP and WPA/WPA2 PSK 802.11 traffic, if you have the network password and, in the case of WPA/WPA2, the initial EAPOL handshake. For that, see the Wireshark Wiki's "How to Decrypt 802.11" page.

License: CC-BY-SA with attribution
Not affiliated with StackOverflow