The key log file is created but after loading it in Wireshark s... - Knowledge Base - Palo Alto Networks

The key log file is created but after loading it in Wireshark sessions are not decrypted

Created On 09/10/24 20:20 PM - Last Modified 09/11/24 20:22 PM


Symptom




Environment


  • Next Generation Firewall
  • SSL Decryption
  • Windows browser (Chrome or Firefox)


Resolution


  1. Start the Wireshark capture before the browser is started and before any sites are visited, so that the beginning of the session is captured.
  2. The session must be captured from the beginning to be decrypted.
  3. Check that the customer does not have any security programs doing SSL/TLS decryption on the client computer.
    1. Such a program breaks decryption: the browser saves the keys for its own connection, before the man-in-the-middle, but the packet capture is taken on the network interface after it, so the logged keys do not match the captured sessions.
    2. The customer must disable any programs doing decryption on the client computer for key logging to work.
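
The check below is an added example, not part of the original article or any Palo Alto Networks tooling. It compares the client_random values in a browser key log file with the client_random of each captured ClientHello, which separates the two causes above: a capture that missed the handshake, and keys logged for a session that is not the one on the wire. The sample key log and records are constructed, and the function names are hypothetical.

```python
import re

# One NSS key log line: <label> <client_random: 32 bytes hex> <secret hex>
KEYLOG_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def keylog_randoms(text):
    """Return the set of client_random values (lowercase hex) the browser logged."""
    found = set()
    for line in text.splitlines():
        m = KEYLOG_LINE.match(line.strip())
        if m:  # comment lines ('#') and blank lines do not match
            found.add(m.group(2).lower())
    return found

def client_hello_random(record):
    """Return client_random (hex) from a raw TLS record, or None if not a ClientHello."""
    # 5-byte record header (type 0x16 = handshake), 4-byte handshake header
    # (type 0x01 = ClientHello), 2-byte client_version, then the 32-byte random.
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        return None
    return record[11:43].hex()

def diagnose(keylog_text, records):
    """Classify a capture against a key log file by the two causes in the article."""
    logged = keylog_randoms(keylog_text)
    seen = {r for r in map(client_hello_random, records) if r}
    if not seen:
        return "no ClientHello in capture: start capturing before the browser"
    if seen & logged:
        return "match: %d of %d captured sessions have keys" % (len(seen & logged), len(seen))
    return "mismatch: logged keys are for sessions not on the wire; check for local TLS decryption"

# Constructed sample data (not from a real capture or key log file).
BROWSER_RANDOM = "11" * 32  # random the browser chose and logged
PROXY_RANDOM = "22" * 32    # random a local decrypting program put on the wire
SAMPLE_KEYLOG = "# constructed sample\nCLIENT_RANDOM %s %s\n" % (BROWSER_RANDOM, "ab" * 48)

def sample_record(random_hex):
    """Build the first 43 bytes of a ClientHello record (truncated, for the demo only)."""
    return bytes.fromhex("1603010026" "01000022" "0303" + random_hex)

if __name__ == "__main__":
    print(diagnose(SAMPLE_KEYLOG, [sample_record(BROWSER_RANDOM)]))
    print(diagnose(SAMPLE_KEYLOG, [sample_record(PROXY_RANDOM)]))
    print(diagnose(SAMPLE_KEYLOG, []))
```

Against a real capture, the ClientHello randoms can be read from the tls.handshake.random field in Wireshark and compared with the second column of the key log file in the same way.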

