Project DescriptionNmDecrypt is a Network Monitor Expert which when given a trace with encrypted frames, a security certificate, and a passkey will create a new trace with decrypted frames added inline.
This Expert requires that you have Network Monitor 3.4 with the 3.4.2748 parser set (or above) installed. The latest parser set is available at
http://nmparsers.codeplex.com.
It also requires the .NET Framework Runtime 2.0 or above.
Usage
- Open an already existing trace (or save a new capture).
- Select the TCP conversation with the encrypted traffic.
- Run NmDecrypt from the Experts Menu.
Supported SSL/TLS VersionsSSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1
Note: For the above SSL/TLS versions the Expert does not support scenarios which involve Client Authentication and Decryption of Encrypted Alert Messages.
Supported Cipher SuitesTLS
RSAWITH
AES128
CBCSHA
TLS
RSAWITH
AES256
CBCSHA
TLS
RSAWITH
RC4128_SHA
TLS
RSAWITH
3DESEDE
CBCSHA
TLS
RSAWITH
RC4128_MD5
SSL
CKRC4
128WITH_MD5
SSL
CKDES
192EDE3
CBCWITH_MD5
TLS
RSAWITH
NULLMD5
TLS
RSAWITH
NULLSHA