Wireshark-users: Re: [Wireshark-users] wireshark ssl decryption for dummies
From: Andrew Schweitzer <[email protected]>
Date: Tue, 12 Sep 2006 22:09:50 -0400
ronnie sahlberg wrote:

On 9/12/06, Andrew Schweitzer <[email protected]> wrote:

Hello, I'm trying to decrypt some SSL traffic.

The connection initiator talk to port 37000. It talks a proprietary
protocol (one not present in wireshark). I have the keys of the
initiator and the listener. I am capturing on the listener. What should
my RSA keys list be?

[snip]
try:
127.0.0.1,3700,data,e:\keys\server.key

That worked better. Wireshark now knows it's looking at SSL and parses 
the SSL header... but it doesn't seem to decrypt the data. Any 
suggestions on how to debug this?
log file says:

===Begin log file===
dissect_ssl3_record: content_type 23
association_find: port 1032 found 00000000
association_find: port 3700 found 0496FED0
===End log file===
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users