Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] SSL Decryption Issues

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "James Hughes" <JHughes@xxxxxxxxxxxxx>
Date: Mon, 6 Nov 2006 11:00:26 -0600

I am trying to setup the SSL Decryption feature of WireShark using version 0.99.4. I have been unsuccessful in get the decryption to work so far. I have included the SSL Debug file in the email. I believe the problem is that WireShark is automatically adding associations that are overriding mine.

 

ssl_init keys string 172.16.4.17,443,data,C:\jxdeploy\certificates\jxmain(server).pem

ssl_init found host entry 172.16.4.17,443,data,C:\jxdeploy\certificates\jxmain(server).pem

ssl_init addr 172.16.4.17 port 443 filename C:\jxdeploy\certificates\jxmain(server).pem

ssl_get_version: 1.5.1

ssl_init private key file C:\jxdeploy\certificates\jxmain(server).pem successfully loaded

association_add TCP port 443 protocol data handle 028E7E98

association_find: TCP port 443 found 03CEBB48

ssl_association_remove removing TCP 443 - data handle 028E7E98

association_add TCP port 443 protocol http handle 02931F68

association_find: TCP port 636 found 03CAB200

ssl_association_remove removing TCP 636 - ldap handle 0456A9D8

association_add TCP port 636 protocol ldap handle 0456A9D8

association_find: TCP port 993 found 03CB2718

ssl_association_remove removing TCP 993 - imap handle 0293FB18

association_add TCP port 993 protocol imap handle 0293FB18

association_find: TCP port 995 found 03CB29D0

ssl_association_remove removing TCP 995 - pop handle 046D78D0

association_add TCP port 995 protocol pop handle 046D78D0

 

Does anyone know why WireShark is loading 443 to HTTP, 636 to LDAP, 993 to IMAP and 995 to POP? I need 443 associated to something else.

 

Thanks for your help,

 

James P Hughes

 

 

James P Hughes

Jack Henry & Assoc.

7400 Cahaba Valley Road

Birmingham, AL 35242

ph(205)981-1980

fx(205)981-1884

 

 

NOTICE: This electronic mail message and any files transmitted with it are intended exclusively
for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged
information. Any unauthorized review, use, printing, saving, copying, disclosure 
or distribution is strictly prohibited. If you have received this message in error, please immediately
advise the sender by reply email and delete all copies.
  • Follow-Ups:
    • Re: [Wireshark-users] SSL Decryption Issues
      • From: Stephen Fisher
  • Prev by Date: Re: [Wireshark-users] gigabit ethernet capture
  • Next by Date: Re: [Wireshark-users] Eurex MISS / CME MDP dissectors
  • Previous by thread: Re: [Wireshark-users] Response time Questions
  • Next by thread: Re: [Wireshark-users] SSL Decryption Issues
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation