Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: [Wireshark-users] Export as PDML bug corrected in the nightlies, but ...

From: "Olivier LENORMAND" <Olivier.Lenormand@xxxxxxxxxxx>
Date: Tue, 3 Oct 2006 18:07:14 +0200
Title: Message
Hi,
 
I'm glad that WireShark windows binary is now SSL-capable, thx to every one responsible for that :)
 
But two annoying bugs still prevent me from using it...
 
Here's what I do :
I use WS to capture the dialog between my web browser and two HTTP servers.
The protocol is encrypted (https+certificate), but I have access to the decryption keys of theses servers.
Of course I need the encrypted datas to be readable :)
When WS is given the decription keys, reading the top the SSL debug file informs me that all is going well.
 
First case, using latest stable WS (0.99.3).
Both servers are being correctly decrypted.
But I can't export my capture file to a PDML file, the export aborts after a few lines generated.
 
Second case, using the latest nightlies (tried with 0.99.4-SVN-19394, 0.99.4-SVN-19402 and 0.99.4-SVN-19374).
Though I did not find the above bug while browsing the mailing list, this bug is now history in the nightlies: well done!
But with the nightlies, I can't no more decrypt all my SSL-encrypted data the way WS 0.99.3 manages to.
 
In detail :
 
 - The datas on my second server is always decrypted and well exported in XML, so far so good.
 
 - For the first server, all outgoing data (GET & POST) are well decrypted.
But all incoming datas (from the browser point of view) are not.
In fact, the "Decrypted SSL record" tab does not appear for this host.
So logically the datas are encrypted in the export XML file.
Strangely, all theses datas are correctly decrypted ... in the SSL debug file.
 
I don't understand why one of my two servers is always decrypted.
If I specify the decryption parameters for only the server that fails being decrypted, it still fails.
 
Any hint?
Any hope for this bug being solved quickly?
 
Thx in advance for your support, feel free to ask me any complementary questions if needed.
And of course thanks for making such a superb tool available for free.
 
Olivier.