Wireshark class 4.3 - How to analyze a packet capture Certificates & TLS Encryption Troubleshooting

This video is a good introduction to analyzing a packet capture file (pcap), step by step. Learn to export certificates from pcap files. In this case we are troubleshooting TLS connections, with an emphasis on certificates. There are even some tips and tricks for people who already know Wireshark. #wireshark #pcap #TLS

BONUS: Wireshark filter cheat sheet. https://www.lanwan.ninja/wp-content/uploads/2024/02/LWN_wireshark_cheatsheet_11b.pdf

TLS troubleshooting filter:
((tls.record.content_type || tls.handshake.type || tls.alert_message.level) && tls.record.content_type !=23)

PowerShell used in the video: see the pinned comment.

There are two scenarios in this video:
1. We have an internal application that is having an issue. When users click on the application, they get an error that says "Server not responding", but all is not as it seems. The error log file is not helpful either. After a chat with the apps team, you decide to take a capture.
2. We have an application that is working for five people, but not for 2 people. When they click on the app, they get a connection error. You call the application vendor, and they tell you it is your firewall. You do not agree with them, so you decide to take a packet capture.

The apps team has an application server that is making an encrypted TLS connection to a web server. They have called the software vendor, who says that the problem is on our end and that their application is working fine. All that the log files will show us are generic "failure" errors. This one happens more than you think. So let's take a packet capture and get this issue figured out!!

If you have any questions or ideas for future videos, please leave a comment and let me know.
Timestamps:
00:00 Start
0:37 Certificates
1:53 Why trust a certificate
2:02 What is a Certificate Authority
2:24 What is a trusted Root CA
3:03 Exporting a cert from a browser
3:55 View trusted Root CAs in Windows
5:09 Scenario #1 start
5:29 NMAP scan
6:45 Mark a running capture with a ping
8:40 Using TLS troubleshooting filter
10:01 Follow TCP stream
12:43 Exporting a cert from a packet capture
15:20 Security Tip - hacking :) at the end
17:44 Updating Trusted Root CAs with PowerShell