Ok so I captured a login session but I can't see anything in wireshark, when I click 'follow tcp streams' I only see "random" strings, but no readable content. Could someone help me out? The link is here: https://www.dropbox.com/s/d0dv99hhacqz0hv/decrypted.cap?dl=0 This question is marked "community wiki". asked 01 Oct '15, 12:44  shad0w125 edited 02 Oct '15, 15:49 showing 5 of 6 show 1 more comments |
This is a static archive of our old Q&A Site.
Please post any new questions and answers at ask.wireshark.org.
Which stream ID do you mean?
I mean almost all of them,I've captured a login session but the only thing I could find so far was data about the web browser in use.
What do you expect to see? Network data is not always transmitted in a human readable format.
Well I've captured a login session with an email and password, the pcap file was encrypted with the old WEP standard, I then decrypted but now I can't find the login session. What I find weird is that the other pcap files were fully readable, how could I decypher these packets?
Layered security. WEP just handles the lowest (datalink) layer, while SSL rides on the transport layer. You talk about 'other pcap files' which we can't see?
So the traffic is still encrypted with SSL after decrypting WEP? Nevermind the other pcap files I mentioned, they were captured from another network, I don't even know why I mentioned it