Wireshark
the world's foremost network protocol analyzer
Wireshark-users: [Wireshark-users] wireshark ssl decryption for dummies
From: Andrew Schweitzer <a.schweitzer.grps@xxxxxxxxx>
Date: Tue, 12 Sep 2006 10:23:14 -0400
Hello, I'm trying to decrypt some SSL traffic.The connection initiator talk to port 37000. It talks a proprietary protocol (one not present in wireshark). I have the keys of the initiator and the listener. I am capturing on the listener. What should my RSA keys list be?
Should it be: 127.0.0.1,3700,3700,e:\keys\initiator.key? or maybe 127.0.0.1,3700,3700,e:\keys\listener.key? I don't get decrypted data in either case. SSL log says, in second case: ===Begin SSL log=== ssl_init keys string 127.0.0.1,37000,37000,c:\keys\initiator.key ssl_init found host entry 127.0.0.1,37000,37000,c:\keys\initiator.key ssl_init addr 127.0.0.1 port 37000 filename c:\keys\initiator.key ssl_get_version: 1.5.0 ssl_init private key file c:\keys\initiator.key successfully loaded association_add port 37000 protocol 37000 handle 00000000 ===End SSL log===Can decryption only occur if the conversation is sniffed from its beginning?
Do I need both initiator and listener keys?Why is there both a port and protocol specified? How would you differentiate two protocols on the same port? What if the protocol is unknown, (or at least there's no dissector for it?)
Thanks
- Follow-Ups:
- Re: [Wireshark-users] wireshark ssl decryption for dummies
- From: ronnie sahlberg
- Re: [Wireshark-users] wireshark ssl decryption for dummies
- Prev by Date: [Wireshark-users] Wireshark will not launch
- Next by Date: [Wireshark-users] Intel 3945ABG promiscuous mode
- Previous by thread: [Wireshark-users] Wireshark will not launch
- Next by thread: Re: [Wireshark-users] wireshark ssl decryption for dummies
- Index(es):