If you want to know more about it, join my Slack Workspace or send me an email. If you consider some parts of this post, you will be more successful in analyzing packet captures with Wireshark!
When the scan completes in Nessus, Stop the PCAP in Wireshark. Select the Blue 'Fin' icon to the left of Stop to start a new packet capture. In case you know other reasons, I am happy to hear them. Select the Stop button directly under the File and Edit Menus. Probably there are many more reasons why your files are not loading fast. My solution was to remove the file name from the field (Pre)-Master-Secret log filename in Wireshark. If you just want to look at the packets, filter them, and analyse them, just open the file from Wireshark or double-click on the file from outside. It seems that Wireshark is trying to decrypt the traffic with each of the keys in the log file and in case the key log file reaches a significant amount of size, Wireshark just takes ages to load your file. Answer: It’s not clear what you mean with playing a PCAP file. Now 3 month later (even not remembering I configured it) I was running into the problem with the file opening. This is exactly what i did and it did not cause problems at the beginning. You can also decrypt the traffic with Wireshark automatically by telling it where to find the key file via “ Edit > Preferences > Protocols > SSL > (Pre)-Master-Secret log filename“. It is useful in case you want external programs to decrypt TLS traffic. In October 2017 I was visiting a presentation for HTTP2 at Velocity Conference in London ( I really recommend you to go there).ĭuring that presentation I set the environment variable SSLKEYLOGFILE which points to a file and keep track of key logs. Unfortunately it did not solve my problem.
The suggested solution in the forum was to disable the DNS resolution by unchecking “Edit > Preferences > Name Resolution > Resolve Network (IP) addresses”.
0 kommentar(er)
