
Wireshark-users: [Wireshark-users] Decrypt SSL application data using tshark

From: Vijay Sitaram <vjatfugen@xxxxxxxxx>
Date: Mon, 23 Oct 2006 17:32:34 -0700 (PDT)
Hi,
 
    I am trying to decrypt SSL application data by using 'tshark' on RedHat Linux using the following command:
tshark -V -r rsasnakeoil2.cap -R "127.0.0.1,443,/path/to/snakeoil2/rsasnakeoil2.key" > output.txt
 
    However, when I look into output.txt for application data, it looks like the following:
Secure Socket Layer
    SSLv3 Record Layer: Application Data Protocol: http
        Content Type: Application Data (23)
        Version: SSL 3.0 (0x0300)
        Length: 432
        Encrypted Application Data: 4AC33E9D7778012CB4BC4C9A84D7B9900C2110F0FA007C16...
 
I have verified the prerequisites by making sure that I have the following installed on my system before compiling:
gnutls-1.0.20-4_2.RHL9.at
gnutls-devel-1.0.20-4_2.RHL9.at
libgcrypt11-1.2.2-12.el3.at
libgcrypt-devel-1.2.2-12.el3.at
openssl-0.9.7a-22.1
openssl-devel-0.9.7a-22.1
/usr/local/lib/libpcap.so.0.9.5
 
    So far, I have been unsuccessful with both the 'wireshark-0.99.3a' as well as 'wireshark-0.99.4-SVN-19665' versions.
 
    Thanks for your help.  Kind regards,
 
Vijay

