Wireshark-users: Re: [Wireshark-users] wireshark ssl decryption for dummies

From: Andrew Schweitzer <a.schweitzer.grps@xxxxxxxxx>
Date: Tue, 12 Sep 2006 22:09:50 -0400
ronnie sahlberg wrote:

On 9/12/06, Andrew Schweitzer <a.schweitzer.grps@xxxxxxxxx> wrote:

Hello, I'm trying to decrypt some SSL traffic.

The connection initiator talks to port 37000. It talks a proprietary
protocol (one not present in wireshark). I have the keys of the
initiator and the listener. I am capturing on the listener. What should
my RSA keys list be?


[snip]

try:
127.0.0.1,3700,data,e:\keys\server.key


That worked better. Wireshark now knows it's looking at SSL and parses the SSL header... but it doesn't seem to decrypt the data. Any suggestions on how to debug this?

log file says:

===Begin log file===
dissect_ssl3_record: content_type 23
association_find: port 1032 found 00000000
association_find: port 3700 found 0496FED0
===End log file===