none
Decrypt SSL/TLS (NmDecrypt) with Message Analyser RRS feed

Answers

  • Not at this point, but it is a feature we are investigating.  For now, you can decrypt with Network Monitor and view in Message Analyzer. 

    Paul

    • Marked as answer by Paul E Long Wednesday, October 2, 2013 2:47 PM
    Tuesday, October 1, 2013 5:34 PM

All replies

  • Not at this point, but it is a feature we are investigating.  For now, you can decrypt with Network Monitor and view in Message Analyzer. 

    Paul

    • Marked as answer by Paul E Long Wednesday, October 2, 2013 2:47 PM
    Tuesday, October 1, 2013 5:34 PM
  • Hi Paul,

    Great work on the new product.  I'm pretty sure the answer to this is no, but figured I'd ask to be sure.  Is there a way to use 'netsh trace' to capture the same traffic as the "Web Proxy" trace in Message Analyzer, which does provide the decrypted session information?

    Thanks, Mike


    Wednesday, November 20, 2013 10:38 PM
  • Hey Mike,

    One of the great things about Message Analyzer is it's ability to capture elsewhere on the stack across any ETW provider.  So, if you can capture stuff with netsh, you should be able to configure Message Analyzer to do something similar.

    Paul has a blog post about it here: http://blogs.technet.com/b/messageanalyzer/archive/2013/03/04/network-capture-is-dead.aspx


    Michael Hawker

    Wednesday, February 12, 2014 1:05 AM
  • NMDecrypt is not useful for my purposes as it doesn't understand TLS 1.2 or newer ciphers. Getting to be too old to be useful.
    Thursday, June 5, 2014 1:23 AM
  • Use Wireshark as it supports this feature.
    Thursday, June 5, 2014 1:24 AM