Wireshark mailing list archives
Re: dissecting HTTPS traffic
From: Mark Semkiw <Mark.Semkiw () commtrans org>
Date: Wed, 14 Oct 2015 16:18:55 +0000
It may not strictly be illegal, but at our company we have taken the tack that we just don’t decrypt users’ traffic, especially sensitive usernames and passwords to sites like online banking and healthcare. It’s not worth the risk of an employee getting compromised and then coming back and saying that we had the data so we must have been the ones that got compromised. I guess it’s more of a management decision, but I imagine depending on what country/state you are in there are also some legal issues to contend with.

Mark Semkiw, Senior Network Engineer
CCNA CNSE WCNA

From: <wireshark-users-bounces () wireshark org> on behalf of Noam Birnbaum
Reply-To: Community support list for Wireshark
Date: Tuesday, October 13, 2015 at 8:08 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] dissecting HTTPS traffic

Mark,

I'm curious about your statement that it's not legal to decrypt users' traffic without them being aware. Since companies are constantly asserting that they own all the data on their devices and network, why would a user's personal traffic, even if it's of a sensitive nature, be any different?

Thanks!
noam

On Tue, Oct 13, 2015 at 9:00 AM, Mark Semkiw <Mark.Semkiw () commtrans org> wrote:

Because technically it’s not legal to decrypt users’ traffic without them being aware. It could reveal things like online banking passwords and such. We use PA firewalls and they have the ability to do SSL decryption, but I can’t actually see the traffic; the firewall uses layer 7 inspection and its own internal rule base/security signatures to decide if the traffic gets passed or not.

Mark Semkiw, Senior Network Engineer
CCNA CNSE WCNA

From: <wireshark-users-bounces () wireshark org> on behalf of Noam Birnbaum
Reply-To: Community support list for Wireshark
Date: Monday, October 12, 2015 at 4:32 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] dissecting HTTPS traffic

Curious, why wouldn't you recommend doing our own MITM attack? (And how would we do it?)

On Mon, Oct 12, 2015 at 11:22 AM, Mark Semkiw <Mark.Semkiw () commtrans org> wrote:

All you can really do at that point is analyze the endpoints and see if you can get any info from that. Well, I guess you could set up your own man-in-the-middle attack, but I wouldn’t suggest it.

Mark Semkiw, Senior Network Engineer
CCNA CNSE WCNA

From: <wireshark-users-bounces () wireshark org> on behalf of Noam Birnbaum
Reply-To: Community support list for Wireshark
Date: Friday, October 9, 2015 at 4:12 PM
To: "wireshark-users () wireshark org"
Subject: [Wireshark-users] dissecting HTTPS traffic

Hey folks,

One of our clients has recently been having their WAN bandwidth eaten up, and we've narrowed it down to one executive's computer. Now we want to dissect that computer's traffic to see what it's doing. However, much of it is HTTPS, so we can't see the content. Any suggestions on getting a useful analysis?

Thanks!
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users () wireshark org>
Archives: https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- dissecting HTTPS traffic Noam Birnbaum (Oct 09)
- Re: dissecting HTTPS traffic Patrick Klos (Oct 09)
- Re: dissecting HTTPS traffic Mark Semkiw (Oct 12)
- Re: dissecting HTTPS traffic Noam Birnbaum (Oct 12)
- Re: dissecting HTTPS traffic Hugo van der Kooij (Oct 13)
- Re: dissecting HTTPS traffic Larry Rogers (Oct 13)
- Re: dissecting HTTPS traffic Mark Semkiw (Oct 13)
- Re: dissecting HTTPS traffic Noam Birnbaum (Oct 13)
- Re: dissecting HTTPS traffic Mark Semkiw (Oct 14)
- Re: dissecting HTTPS traffic gedropi (Oct 14)
- Re: dissecting HTTPS traffic Mark Semkiw (Oct 14)
- Re: dissecting HTTPS traffic miro . rovis (Oct 15)
- Re: dissecting HTTPS traffic Noam Birnbaum (Oct 12)
- Re: dissecting HTTPS traffic frnkblk (Oct 20)