Project Description
NmDecrypt is a Network Monitor Expert which, when given a trace with encrypted frames, a security certificate, and a passkey, creates a new trace with the decrypted frames added inline.

NOTE: Message Analyzer 1.1 is the replacement for Network Monitor and now has a decryption expert built in. See the blog for info and a link to the download: http://blogs.technet.com/MessageAnalyzer. We are no longer maintaining this version, so please focus use and feedback on Message Analyzer.



This Expert requires that you have Network Monitor 3.4 with the 3.4.2748 parser set (or above) installed. The latest parser set is available at http://nmparsers.codeplex.com.

It also requires the .NET Framework Runtime 2.0 or above.

Usage
  1. Open an already existing trace (or save a new capture).
  2. Select the TCP conversation with the encrypted traffic.
  3. Run NmDecrypt from the Experts Menu.

Supported SSL/TLS Versions

SSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1

Note: For the above SSL/TLS versions the Expert does not support scenarios which involve Client Authentication and Decryption of Encrypted Alert Messages.

Supported Cipher Suites

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL_CK_RC4_128_WITH_MD5
SSL_CK_DES_192_EDE3_CBC_WITH_MD5
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
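
One way to check, before running the Expert, whether the ServerHello in a trace negotiated a version and cipher suite from the lists above. This is an added example, not part of NmDecrypt: the function names and the sample record are constructed for illustration, the numeric code points are assumed from the IANA TLS registry for the listed suites, and the SSL 2.0 hello format is not handled.

```python
import struct

# Assumption: code points from the IANA TLS registry for the SSL 3.0/TLS
# suites listed on the page (the two SSL 2.0 suites are not covered here).
SUPPORTED_SUITES = {
    0x0001: "TLS_RSA_WITH_NULL_MD5", 0x0002: "TLS_RSA_WITH_NULL_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}
SUPPORTED_VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1"}

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from one TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                       # 0x16 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:    # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:                     # version(2) + random(32) + sid_len(1)
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]                    # skip the variable-length session id
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    version, = struct.unpack("!H", hello[:2])
    suite, = struct.unpack("!H", hello[off:off + 2])
    return version, suite

def check_trace_hello(record: bytes):
    """Return (ok, reasons): ok is True when version and suite are both listed."""
    version, suite = parse_server_hello(record)
    reasons = []
    if version not in SUPPORTED_VERSIONS:
        reasons.append("version 0x%04X is not listed" % version)
    if suite not in SUPPORTED_SUITES:
        reasons.append("cipher suite 0x%04X is not listed" % suite)
    return not reasons, reasons

def build_sample_hello(version: int, suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record for the demo, not taken from a real trace."""
    hello = (struct.pack("!H", version) + bytes(32) + bytes([len(session_id)])
             + session_id + struct.pack("!HB", suite, 0))
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs
```

A passing check covers only the version and cipher suite lists; client authentication, which the Expert does not support, is not detected here.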

Last edited Nov 7 at 5:39 PM by PaulLong, version 10