Wireshark-users: [Wireshark-users] TLSv1 vs SSL3.0 decoding issue



From: jacob c <jctx09@xxxxxxxxx>
Date: Thu, 11 Jun 2009 07:41:31 -0700 (PDT)

Hello,
 
I am unable to decode an SSL capture that is using TLSv1. This is an application connecting to a BigIP VIP. I then used an IE browser to connect to the same VIP and it decoded it just fine. I usually have no issues decoding SSL but I can't decode this one and tried several captures from the beginning to make sure I get the initial key exchange. And of course the private key is correct because it works when using my IE browsers. Any ideas would be great. Here are some capture excerpts.
 
App negotiating SSL using TLSv1
      4 0.000976    10.151.59.152         10.62.40.33           SSLv2    Client Hello
      5 0.003939    10.62.40.33           10.151.59.152         TLSv1    Server Hello, Certificate, Server Key Exchange, Server Hello Done
      6 0.009517    10.151.59.152         10.62.40.33           TLSv1    Client Key Exchange
      7 0.108893    10.62.40.33           10.151.59.152         TCP      https > 4255 [ACK] Seq=970 Ack=133 Win=4512 Len=0
      8 0.109370    10.151.59.152         10.62.40.33           TLSv1    Change Cipher Spec, Encrypted Handshake Message
      9 0.110123    10.62.40.33           10.151.59.152         TLSv1    Change Cipher Spec, Encrypted Handshake Message
     10 0.111321    10.151.59.152         10.62.40.33           TLSv1    Application Data

IE v6 Browser negotiating with SSL v3
No.     Time        Source                Destination           Protocol Info
      1 0.000000    10.56.252.90          10.62.40.33           TCP      14624 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1380 WS=0 TSV=0 TSER=0
      2 0.000059    10.62.40.33           10.56.252.90          TCP      https > 14624 [SYN, ACK] Seq=0 Ack=1 Win=4140 Len=0 MSS=1460 WS=0 TSV=3429125276 TSER=0
      3 0.000475    10.56.252.90          10.62.40.33           TCP      14624 > https [ACK] Seq=1 Ack=1 Win=65535 Len=0 TSV=7207995 TSER=3429125276
      4 0.020255    10.56.252.90          10.62.40.33           SSLv2    Client Hello
      5 0.020302    10.62.40.33           10.56.252.90          SSLv3    Server Hello, Certificate, Server Hello Done
      6 0.021714    10.56.252.90          10.62.40.33           SSLv3    Client Key Exchange, Change Cipher Spec, Finished
      7 0.022390    10.62.40.33           10.56.252.90          SSLv3    Change Cipher Spec, Finished
      8 0.113509    10.56.252.90          10.62.40.33           TCP      14624 > https [FIN, ACK] Seq=283 Ack=827
 
Thank you,
