"SSL Decrypted" expects to have the private key on the AMD and to decrypt the traffic, then use HTTP analysis on the decrypted result.
"SSL" does not attempt to decrypt the traffic, and provides only TCP level and 'in the clear' SSL analysis, such as SSL handshake times.
The "SSL" analyzer is for analyzing SSL traffic when either the private key is unavailable or the use of Diffie-Hellman ciphers is not optional. Anytime the private key is available and Diffie-Hellman ciphers are not in use, the "SSL Decrypted" analyzer will give much deeper information.
Thanks for the information. I am monitoring AMD which software service is using SSL Decrypted analyzer and private key is on the AMD. From Sniffing Point Diagnostics, the software service shows three Application Protocals - HTTP, Unknown TCP and SSL. The Unknown TCP has high Unidirectional rate and TCP sessions with missing packets. Application Overview shows most of packets are SSL. How do I determine the Unknown TCP? do I need to care that? this AMD "Lost packets status" is over thresholds and showing red all the time.
have you already looked at the SSL Diagnostics from the AMD, to check if something's wrong with your SSL decryption or not?
That sounds like your feed to the AMD is incomplete and/or (most likely and) your AMD is overloaded.
If you are unable to identify the root cause(s) with the troubleshooting document Raffaele recommended, I recommend opening a
Support ticket, and using the script linked below, attach the
gather*.main.tar.bz2 compressed archive to the ticket. Currently this
script gives a little deeper SSL diagnostic information than the RUM
Console's Diagnostic Information Export. Please also note in the
Support ticket which server IP address(es) you are concerned with for the more detailed investigation.