Hi vivek,
Please confirm that the bug had been solved in this 1234 build.Because I am experiencing the same problems in this build also.

Regards,
C.Ashok kumar

Ashok,

The bug has been solved in build #1234. Unsniff is now able to decrypt the sessions completely and I can see the two webpages in the User Objects sheet.

We are testing with our IIS and STUNNEL setup before publicly releasing the build.

I am very surprised this is still not working for you. Does the capture file you sent me decrypt properly atleast ?

It is designed to decrypt in real time. If that doesnt work can you save it in libpcap (ethereal) format and import it into Unsniff.

Regards,
Vivek Rajan

Ashok,

Just a quick check.

Are you opening the USNF file again ? If this file has been created by the old version of Unsniff it will still show the same PDUs.

You can export it via File->Export TCPDUMP, then reimport it via File->Import TCPDUMP. This will force Unsniff to run the packets through its analysis engine.

Another option is to capture live traffic again.

Hope this helps you,
Vivek

Hi vivek,
I ll get back to you after analyzing the tcpdump logs with unsniff.

Regards,
C.Ashok kumar

Hi vivek,
Thanks a lot. Now the Unsniff build 1234 is capable of decrypting the packets even after hello request. I ll get back to you if i encounter bugs.

Regards,
c.Ashok kumar