Wireshark-users: Re: [Wireshark-users] Decrypt SSL Windows sample trace
: Sake Blok <sake@xxxxxxxxxx
: Wed, 14 May 2008 01:12:47 +0200
On Tue, May 13, 2008 at 04:01:52PM -0700, Lakshman Hariharan wrote:
> --- Sake Blok <sake@xxxxxxxxxx> wrote:
> > On Tue, May 13, 2008 at 12:20:39PM -0700, Lakshman
> > Hariharan wrote:
> > > Is there a sample trace available that would open
> > on
> > > Windows Wireshark that can be used to see
> > decryption
> > > of SSL traffic? The snakeoil2_070531 trace deos
> > not
> > > open on Windows Wireshark. I am running version
> > 1.0.
> > That's because the file is a so called compressed
> > tar archive.
> > You should be able to open the archive with your
> > favorite
> > archiving program (WinZIP, ZipGenius, etc). In it
> > you will find
> > a README, a capture file and the private key.
> Of course, I didn't open the .tar file with Wireshark.
> It is when I try to open the extracted file that
> Wireshark won't open it. I extracted it and there is
> only one file when extracted.
If there is only one file after you extract the .tgz file, it
will probably be the file snakeoil2_070531.tar . This is the
actual archive with the three files in it, so you need to
open that file again in your archiver. Some archivers do
this in one go, others need two runs.
Here's some more info on the files:
$ file snakeoil2_070531.tgz
snakeoil2_070531.tgz: gzip compressed data, from Unix, last modified: Thu May 31 16:47:03 2007
$ gzip -d snakeoil2_070531.tgz
$ file snakeoil2_070531.tar
snakeoil2_070531.tar: POSIX tar archive (GNU)
$ tar xvf snakeoil2_070531.tar
$ file rsasnakeoil2.*
rsasnakeoil2.README: ASCII text, with CRLF line terminators
rsasnakeoil2.cap: tcpdump capture file (little-endian) - version 2.4 (Ethernet, capture length 65535)
rsasnakeoil2.key: ASCII text, with CRLF line terminators
Hope this helps,