Winsock lsp ssl trace

Winsock LSP and SSL is a complex and simple issue 🙂 basically the Winsock LSP sees the SSL session encrypted and can’t see the decrypted content of the session. It’s possible to decrypt SSL sessions, but that’s a topic for another post.

Winsock LSP can be used to trace SSL sessions to their root, you can easily get the following information about a SSL session by using LSP:

  • Originating application.
  • Source Address/Port.
  • Destination address/Port.
  • Certificate.


Leave a Reply