Hello, welcome to the Tuesday, February 14th, 2017 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

If you ever looked for a way to make packet analysis simpler, there is a great new website out there,

packettotal.com. This site does allow you to upload a packet capture, and it will then summarize it for you

by running it through Pro and Suricata.

Now, that part you could probably do yourself, but it also creates a real nice sort

of graphic layout, timeline, and splits out protocols and the like to explain kind

of the traffic for you that it found in the packet capture. A real nice site. I highly recommend

that you give it a spin. Of course, do not upload any confidential information to it. All data

that you upload to the site is being shared.

With more and more websites implementing TLS, I think the latest numbers are more than 50% of

traffic is taking advantage of some form of TLS or SSL. It has become more and more important,

of course, to inspect that traffic and one route many

organizations take is to use proxies to intercept TLS.

Rob wrote a diary summarizing some of the lessons that he learned when he implemented a system

like that.

For example, what sites to whitelist and what type of

TLS you will not be able to intercept without breaking applications.

For example, if certificate pinning is in place and the like, then of course the application

will be able to figure out that it's being intercepted and it may no longer work.

So if you're planning to do that, take a look at Rob's diary and of course.

I think a month ago I had a webcast with some of the techniques and such you can use to inspect TLS traffic

...