|Main Archive Page > Month Archives > full-disclosure-uk archives|
> > How is that better, really? Run tcpdump or ettercap... Either of the
> > tools are off the shelf.
> And if the site is using a self-signed cert, how does a 3rd party tcpdump
> manage to get a *decrypted* datastream? Yes, you can still do traffic analysis
> on the "X talked to Y with packet sizes A, B, and C" level, but you can't
> look at the data.
You're missing the point of my comment:
Plaintext communication => use tcpdump
Encrypted without a cert => use ettercap (or something similar)
Is there really a non-constant difference in difficulty?