 | 1 | initial version |
I would say yes, e.g., there are UATs (User Access Tables) where key material is stored in order to decrypt data streams; Wireshark can use SSL key dump files to use in decryption; remote capture setup information may contain key information.
There are no (hidden or otherwise) options to add header/footer (e.g., classification) to printed material.
PS: Do not forget to include NPcap into your evaluation, the capture engine slated as the replacement for WinPcap.
