Wireshark-dev: [Wireshark-dev] Problem decoding ULP in TLS encapsulation
Date: Thu, 9 Aug 2007 01:50:36 -0500
Hello,

Sorry for the accidental, premature send of an incomplete draft of this
message...

I have captured a trace of a ULP (OMA UserPlane Location Protocol)
session. It is encapsulated in TLS, so I added the following single
entry to the "RSA keys list" under the SSL preferences:

	10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;

However, when I start up Wireshark, the SSL debug file suggests that the
ULP module cannot be found ("association_add could not find handle for
protocol 'ulp'" below). Wireshark will decrypt the TLS application data
packets, but just shows them as opaque data, not ULP packets. However, I
was able to view the decoded ULP packets through some painstaking
reformatting and use of text2pcap, so the ULP module does work on
unencrypted data. It would be nice for the TLS-encapsulated ULP packets
to just display without special reformatting.

Is this cockpit error on my part, or is there an internal configuration
issue?

Thank you.

Cheers,

Thane Frivold
[email protected]
 

=-=-= SSL debug file =-=-=

ssl_init keys string:
10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
ssl_init found host entry 10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
ssl_init addr 10.10.5.67 port 7275 filename C:\USERS\tfrivold\pki.key
ssl_init private key file C:\USERS\tfrivold\pki.key successfully loaded
association_add TCP port 7275 protocol ulp handle 00000000
association_add could not find handle for protocol 'ulp', try to find 'data' dissector
ssl_init found host entry 
ssl_init entry malformed can't find port in ''
association_find: TCP port 443 found 0332D900
ssl_association_remove removing TCP 443 - http handle 02B468C0
association_add TCP port 443 protocol http handle 02B468C0
association_find: TCP port 636 found 0332D418
ssl_association_remove removing TCP 636 - ldap handle 028DE710
association_add TCP port 636 protocol ldap handle 028DE710
association_find: TCP port 993 found 0332D5D0
ssl_association_remove removing TCP 993 - imap handle 02BB5228
association_add TCP port 993 protocol imap handle 02BB5228
association_find: TCP port 995 found 0332DE68
ssl_association_remove removing TCP 995 - pop handle 02C4F6F8
association_add TCP port 995 protocol pop handle 02C4F6F8


=-=-= Details from "About" menu option =-=-=

Version 0.99.6a (SVN Rev 22276)

Copyright 1998-2007 Gerald Combs <[email protected]> and
contributors.
This is free software; see the source for copying conditions. There is
NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version
unknown), with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with
ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
Kerberos, with PortAudio PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version
4.0.1 (packet.dll version 4.0.0.901), based on libpcap version 0.9.5,
without AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804
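
As an added example (not part of the original post and not Wireshark code), the following Python scans an SSL debug file like the one quoted above and separates port associations that resolved to a dissector from those logged with an all-zero handle, such as the 'ulp' entry. The function name `triage` and the report keys are assumptions made for this example; the sample lines are copied from the post's debug output.

```python
import re

# Lines copied from the SSL debug file quoted in the post.
SAMPLE_LOG = r"""ssl_init keys string:
10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
ssl_init found host entry 10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
ssl_init addr 10.10.5.67 port 7275 filename C:\USERS\tfrivold\pki.key
ssl_init private key file C:\USERS\tfrivold\pki.key successfully loaded
association_add TCP port 7275 protocol ulp handle 00000000
association_add could not find handle for protocol 'ulp', try to find 'data' dissector
ssl_init found host entry 
ssl_init entry malformed can't find port in ''
association_add TCP port 443 protocol http handle 02B468C0
"""

ADD_RE = re.compile(
    r"association_add (\w+) port (\d+) protocol (\S+) handle ([0-9A-Fa-f]+)")
MISSING_RE = re.compile(r"could not find handle for protocol '([^']*)'")
MALFORMED_RE = re.compile(r"ssl_init entry malformed (.*)")
KEY_OK_RE = re.compile(r"ssl_init private key file (.+) successfully loaded")


def triage(log_text):
    """Sort SSL debug lines into loaded keys, associations and malformed entries."""
    report = {"keys_loaded": [], "resolved": [], "unresolved": [],
              "fallback": [], "malformed": []}
    for line in log_text.splitlines():
        if m := KEY_OK_RE.search(line):
            report["keys_loaded"].append(m.group(1))
        elif m := ADD_RE.search(line):
            transport, port, proto, handle = m.groups()
            # Reading used here: an all-zero handle means no dissector was
            # found under that protocol name (the log says so on the next line).
            bucket = "unresolved" if int(handle, 16) == 0 else "resolved"
            report[bucket].append((transport, int(port), proto))
        elif m := MISSING_RE.search(line):
            # Protocol names for which the log reports falling back to 'data'.
            report["fallback"].append(m.group(1))
        elif m := MALFORMED_RE.search(line):
            report["malformed"].append(m.group(1).strip())
    return report


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(f"{kind}: {items}")
```

On the sample, the key file shows as loaded while TCP 7275 lands in `unresolved`, which matches the symptom in the post: the application data is decrypted but shown as opaque data.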