Capturing API SSL Traffic with Wireshark

I ran into an issue with Postman today that required me to examine the API responses from my SolidFire cluster. However, since the API payload is encrypted, it takes a little extra work. When I first captured the event in question, I couldn’t find the API traffic I was expecting in the Wireshark trace.

To decrypt the traffic I needed the private key used to secure the exchange. Once I had that, in Wireshark I navigated to Edit -> Preferences -> Protocols -> SSL -> RSA Keys List to get to the SSL Decrypt dialog. Here I added the management IP address (MVIP) of the SolidFire cluster, specified http as the protocol and loaded the private key file.

Once that was done I could see the HTTP JSON POST and response calls I was interested in. Not something I think I’ll do often, but it is a neat tool to have in your back pocket.
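An RSA Keys List entry only yields plaintext when the session negotiated a static RSA key exchange; with (EC)DHE or TLS 1.3 cipher suites the server's private key alone cannot recover the session keys. The following is an added example, not part of the original post: it reads the chosen cipher suite out of a raw ServerHello record and reports whether the key file can decrypt that session. The function names and the sample record built by `make_server_hello` are constructed for illustration.

```python
import struct

# Cipher suites that use static RSA key exchange (IANA TLS registry values).
RSA_KEX = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite id chosen in a raw TLS ServerHello record."""
    if len(record) < 9:
        raise ValueError("record too short")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or record[5] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    # Skip the record header (5 bytes) and the handshake header (4 bytes).
    body = record[9:5 + rec_len]
    # Body layout: version(2) random(32) sid_len(1) sid(n) cipher_suite(2) ...
    if len(body) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + body[34]
    if len(body) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", body[off:off + 2])[0]

def key_file_can_decrypt(record: bytes) -> bool:
    """True only if the negotiated suite uses static RSA key exchange."""
    return server_hello_suite(record) in RSA_KEX

def make_server_hello(suite: int) -> bytes:
    """Constructed sample: minimal TLS 1.2 ServerHello, zero random, empty session id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for suite in (0x002F, 0xC02F):  # static RSA vs. ECDHE_RSA
        print(hex(suite), key_file_can_decrypt(make_server_hello(suite)))
```

If the check returns False, decryption needs the per-session secrets instead, for example a key log file written by the client.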

Incidentally, this helped me verify that some garbage characters I was seeing in an API response for GetStorageContainerEfficiency were an issue with Postman itself, not the API. Reinstalling Postman cleared up the issue.
