I've used Microsoft Network Monitor 3.x before for various reasons but realized today I don't know how to tell the URL inside a conversation. I've got it set for "Windows" Parser Profile and I see a list of TCP and TLS packets, but was hoping there was an easy trick to decipher the HTTP URL requested in the packet details. Fiddler isn't showing me anything for this app accessing the web so I've resorted to netmon which shows me conversations but not sure how to dig out URL's, if possible.
Windows – How to see http/https URL’s in Microsoft Network Monitor 3.x capture files
network-monitoringpacket-capturewindows
Related Solutions
If you do have a spare PC smoothwall/ipcop is an excellent solution and the configuration/installation is a 10 minute job. I'd also recommend the advanced proxy add on.
Try ntop. From the description:
ntop is a network traffic probe that shows the network usage, similar to what the popular top Unix command does. ntop is based on libpcap and it has been written in a portable way in order to virtually run on every Unix platform and on Win32 as well.
Here's a screenshot showing some of the automatic graphs that it produces:
Best Answer
There is an open source NetMon "expert" that can decrypt SSL. As long as you're using one of the cipher suites it supports and, obviously, you have the appropriate private key you should be able to decrypt the traffic.