What is the process for deciphering network frames with Suricata?

a_m · September 4, 2024, 12:32pm

Please include the following information with your help request:

Suricata version 8.0.0-dev

Operating system and/or Linux distribution ubuntu 23.10

How you installed Suricata (from source, packages, something else)
from repo github

do i must use sskey.log ,with the environment variable added: export SSLKEYLOGFILE="/home/alexandre/sslkey.log" in file ~/. bashrc? as for wireshark ? and how

and for the frames of the systems , is what I have to use the certificates in /etc/ssl/certs? I also have a file in /etc/ssl/private

regards

Jeff_Lucovsky · September 4, 2024, 12:34pm

I think you’re asking if Suricata can decrypt files and then inspect the unencrypted contents. No, Suricata will not perform this function.

a_m · September 4, 2024, 1:18pm

Is it possible to add this feature in this situation?

Jeff_Lucovsky · September 4, 2024, 1:29pm

Anything’s possible but it’d start with a redmine ticket.

a_m · September 5, 2024, 7:59pm

Hello,
what is redmine ticket ?
Regards

satta · September 6, 2024, 7:06am

Opening a feature request ticket here: https://redmine.openinfosecfoundation.org/