Project Description
NmDecrypt is a Network Monitor Expert which when given a trace with encrypted frames, a security certificate, and a passkey will create a new trace with decrypted frames added inline.

This Expert requires that you have Network Monitor 3.4 with the 3.4.2748 parser set (or above) installed. The latest parser set is available at http://nmparsers.codeplex.com.

It also requires the .NET Framework Runtime 2.0 or above.

Usage
  1. Open an already existing trace (or save a new capture).
  2. Select the TCP conversation with the encrypted traffic.
  3. Run NmDecrypt from the Experts Menu.

Supported SSL/TLS Versions

SSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1

Note: For the above SSL/TLS versions the Expert does not support scenarios which involve Client Authentication and Decryption of Encrypted Alert Messages.

Supported Cipher Suites

TLSRSAWITHAES128CBCSHA
TLSRSAWITHAES256CBCSHA
TLSRSAWITHRC4128_SHA
TLSRSAWITH3DESEDECBCSHA
TLSRSAWITHRC4128_MD5
SSLCKRC4128WITH_MD5
SSLCKDES192EDE3CBCWITH_MD5
TLSRSAWITHNULLMD5
TLSRSAWITHNULLSHA

Last edited Mar 14, 2012 at 2:12 PM by PaulLong, version 6