Wireshark-users: Re: [Wireshark-users] URGENT Please Help -- SSLv3 Application Data decryption on

From: "ronnie sahlberg" <ronniesahlberg@xxxxxxxxx>
Date: Wed, 1 Nov 2006 09:13:43 +0000
I did this :

Unpacked the example from wiki.wireshark.org/SSL into the current directory.

Started wireshark and set the SSL preference line to :
127.0.0.1,443,http,./rsasnakeoil2.key

applied the change and exited wireshark.

From this directory I then start wireshark again with the command :
wireshark -n -r ./rsasnakeoil2.cap

I click on packet #50 and can see the HTTP GET command that is
transported inside SSL.


This works fine for me on linux.




On 10/31/06, Vijay Sitaram <vjatfugen@xxxxxxxxx> wrote:
Thank you very much for testing and verifying it again.  Can you please tell
me how you did it?  If you could copy and paste the ssldebug.txt file, that
will also be very helpful.

      Regards,

  Vijay


ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
  Yes it has been tested.


I use linux and I just verified it again using the example and the
instructions on http://wiki.wireshark.org/SSL
and once I set the preference properly and I restart wireshark it does
decrypt the example capture just fine.



On 10/31/06, Vijay Sitaram wrote:
> Hi All,
>
> Can someone authoritatively answer this question:
>
> Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection
> on Linux?
>
> I have posted related questions several times but have not received
> any complete responses. Recently I came across Bug ID 1119 (SSL dissector
> not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)). If this
> is true then perhaps my efforts are futile?
>
> I would be happy to debug this issue further if someone can point me in
> the right direction. Here is some relevant information from a log file when
> I try to decrypt the sample:
> ...
> ssl_init keys string
> 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_init found host entry
> 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_init addr 127.0.0.1 port 443 filename
> /home/vijay/snakeoil2/rsasnakeoil2.key
> ssl_get_version: 1.0.20
> ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
> successfully loaded
> ...
> association_find: port 38713 found (nil)
> packet_from_server: is from server 0
> dissect_ssl server 127.0.0.1:443
> client random len: 16 padded to 32
> dissect_ssl3_record: content_type 22
> decrypt_ssl3_record: app_data len 74 ssl state 11
> decrypt_ssl3_record: no session key
> ...
> ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
> expected 48)
> dissect_ssl3_handshake can't decrypt pre master secret
> dissect_ssl3_record: content_type 20
> dissect_ssl3_change_cipher_spec
> ...
>
> Thanks for your response. Kind regards,
>
> Vijay
>
>
>



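An added example, not part of the original messages and not Wireshark code: a small Python triage script for the SSL debug log quoted in this thread. It undoes the mail client's line wrapping, then reports the configured key entry, whether the private key loaded, and whether pre-master-secret decryption failed. The function names are this example's own, the embedded sample is constructed from the quoted log lines, and a single `addr,port,protocol,keyfile` entry is assumed.

```python
import posixpath
import re

# Constructed sample: ssl debug lines as quoted in the thread, including the
# mail client's line wrapping and the log's own spelling "lenght".
SAMPLE_LOG = """\
ssl_init keys string
127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
successfully loaded
decrypt_ssl3_record: app_data len 74 ssl state 11
decrypt_ssl3_record: no session key
ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
"""


def parse_key_entry(entry):
    """Split one 'addr,port,protocol,keyfile' preference entry (assumed single)."""
    parts = entry.strip().split(",", 3)
    if len(parts) != 4 or not all(parts):
        raise ValueError("expected addr,port,protocol,keyfile: %r" % entry)
    addr, port, protocol, keyfile = parts
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("bad port: %r" % port)
    return {"addr": addr, "port": int(port), "protocol": protocol,
            "keyfile": keyfile,
            # A relative path resolves against the directory Wireshark starts in.
            "relative_path": not posixpath.isabs(keyfile)}


def triage(log_text):
    """Summarise key loading and pre-master-secret decryption from the log."""
    flat = " ".join(log_text.split())  # undo mail/terminal line wrapping
    entry = re.search(r"ssl_init keys string (\S+)", flat)
    pms = re.search(
        r"wrong pre_master_secret leng(?:ht|th) \((\d+), expected (\d+)\)", flat)
    return {
        "entry": parse_key_entry(entry.group(1)) if entry else None,
        "keys_loaded": re.findall(
            r"private key file (\S+) successfully loaded", flat),
        "premaster": (int(pms.group(1)), int(pms.group(2))) if pms else None,
        "records_without_key": flat.count("decrypt_ssl3_record: no session key"),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, "=", value)
```

On the sample, the summary shows the key file loading successfully while the pre-master secret comes out at 128 bytes instead of the expected 48, so the application data record is left without a session key.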