|Main Archive Page > Month Archives > full-disclosure-uk archives|
On Mon, 05 Jan 2009 12:47:20 PST, Tim said:
> How is that better, really? Run tcpdump or ettercap... Either of the
> tools are off the shelf.
And if the site is using a self-signed cert, how does a 3rd party tcpdump manage to get a *decrypted* datastream? Yes, you can still do traffic analysis on the "X talked to Y with packet sizes A, B, and C" level, but you can't look at the data.