I need to find a way to get all HTTPS packets from a PCAP file.

Is it OK if I take only TCP packets with port 443 (source or destination), or do I need to check somewhere inside the packet (where?) for the URL?

Mike Maggy
  • From HTTPS you will only see SSL packets with the TLS protocol on top of it. Since the traffic is encrypted, you cannot see what's inside it. Could be HTTP, UDP or the plain text file of Edward Snowden's leaked NSA documents. If you get the server certificate you can decrypt the traffic, but usually you won't get it. – Alois Kraus Sep 28 '14 at 17:30
  • Any suggestions on how to recognize just this SSL packet? (I just want to know how I can distinguish between SSL and regular traffic.) – Mike Maggy Sep 29 '14 at 11:04

1 Answer

Yes, TCP port 443 would be good enough to get all HTTPS packets for most applications.

brickner
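The port 443 filter from the answer, shown beside a check of the first payload bytes for a TLS record header, as an added example that is not part of the original answer. The function names and the sample capture are constructed for illustration, and the parser assumes a classic (microsecond) pcap file with Ethernet framing and IPv4.

```python
import struct

TLS_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def looks_like_tls_record(payload):
    """Heuristic: TLS record header = type(1) | version 0x03,0x00-0x04 | length(2)."""
    return (len(payload) >= 5 and payload[0] in TLS_TYPES
            and payload[1] == 3 and payload[2] <= 4)

def classify(pcap):
    """Return (src_port, dst_port, on_443, tls_like) for each Ethernet/IPv4/TCP frame."""
    end = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    out, off = [], 24                      # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                       # skip anything that is not IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue                       # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]  # per segment; no stream reassembly
        out.append((sport, dport, 443 in (sport, dport), looks_like_tls_record(payload)))
    return out

def _frame(sport, dport, payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left zero; sample data only)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    frames = [_frame(50000, 443, b"\x16\x03\x01\x00\x05hello"),  # TLS handshake on 443
              _frame(50001, 80, b"GET / HTTP/1.1\r\n\r\n"),       # plain HTTP
              _frame(50002, 8443, b"\x17\x03\x03\x00\x02ab"),     # TLS on another port
              _frame(443, 50000, b"")]                            # bare ACK, no payload
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

if __name__ == "__main__":
    for row in classify(sample_pcap()):
        print(row)
```

On the constructed capture the port filter keeps the payload-free ACK that belongs to the 443 conversation, while the record-header check flags the TLS segment on port 8443 that the port filter alone does not select.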