Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

How to Decrypt Lync communication using

advertisement 
Use Network Monitor to capture and
decrypt Lync TLS traffic
Network monitor can be run on either Lync server or user’s computer, this guide below is for Netmon
installed on Lync server
A. Install Network Monitor
1. Follow step below to install and configure Lync parser for Network Monitor
B. Capture the traffics
2. Start capturing traffic by clicking on New Capture then click Start
Note: to capture the traffic properly, it’s recommended to restart the Lync service first.
3. Once the capture has completed, click Stop.
4. Save the capture to local hard disk
C. Decrypt the traffics
5. Filter the TLS traffics by type in TLS in the Display Filter box and click Apply
6. Since the capture is done on Lync server, the result might include connections
from multiple clients to server; a filter can be customized further to narrow
down the number of packet to be analyzed for the specific problematic client.
a. Filter by IP address:
b. Filter by Sessions (Conversation ID)
Conversation ID of the sessions can be seen at the Conv ID column
Once the traffics have been filtered accordingly, save another copy of it to
different location (make sure to select Displayed frames)
7. To decrypt TLS information, we will need to have the certificate that the server
used to encrypt it. The certificate serial number can be found on the frame
TLS:TLS Rec Layer-1 HandShake: Server Hello. Certificate. Certificate Request. Server
Hello Done.
Look at the Frame Details box at the bottom left corner, expand TLS 
TlsRecordLayer  SSLHandshake  Cert:0x1
Expand the cert, find and write down the SerialNumber information of the
certificate.
8. On FrontEnd server, open Certificate MMC and select Computer Account 
Local Computer
Expand Personal  Certificates; find the certificate that has serial number
matched with the one from traffic captured
Export the cert together with the private key in PFX format
9. From Netmon, launch Decryption Expert
Select the certificate, key in the password and select the output for log as well
as decrypted capture and then click Start
Once the decrypt process has completed, Netmon will open the output file
automatically. Sometimes you will see the below error show up, means that
you have to browse and open the output file manually.
10. Now on the decrypt traffic capture, you can filter by either HTTP or SIP to see
the information as required.
Related documents
Child Protection study day 12th June 2007
Child Protection study day 12th June 2007
Application for Land Value Tax Rate Applicable to Land Used for
Application for Land Value Tax Rate Applicable to Land Used for
PAFCPIC "We Care Abuloy"
PAFCPIC "We Care Abuloy"
Application for Land Value Tax Rate Applicable to Land Used for
Application for Land Value Tax Rate Applicable to Land Used for
Enhancing Research Practice Programme
Enhancing Research Practice Programme
TLS 1.2 and SHA 256 Vendor Letter 9.29.15
TLS 1.2 and SHA 256 Vendor Letter 9.29.15
PPT - fjhirsch
PPT - fjhirsch
Secure Socket Layer (SSL), and its newer revision
Secure Socket Layer (SSL), and its newer revision
entire rubric
entire rubric
Use standards to increase e-mail security
Use standards to increase e-mail security
slides - Martin Kaiser
slides - Martin Kaiser
Small Commercial Sales Guide
Small Commercial Sales Guide
1 - OpenLoop.com
1 - OpenLoop.com
4 - Iowa State Education Association
4 - Iowa State Education Association
TLS_Report_Part1_Mai..
TLS_Report_Part1_Mai..
Cert Auth
Cert Auth
This policy applies to testing of the Audit Trail and Node
This policy applies to testing of the Audit Trail and Node
New Crypto 101
New Crypto 101
Lecture 4: Transport Layer Security (secure Socket Layer) SSL/TLS
Lecture 4: Transport Layer Security (secure Socket Layer) SSL/TLS
Configure Lync 2010 to work with an SBC
Configure Lync 2010 to work with an SBC
Lucky 13, BEAST, CRIME,... Is TLS dead, or just resting?
Lucky 13, BEAST, CRIME,... Is TLS dead, or just resting?
Kurzanleitung für das Outlook AddIn "Audi E
Kurzanleitung für das Outlook AddIn "Audi E
Download
advertisement