
Wireshark-users: [Wireshark-users] How to decode non-standard SSL traffic

Date: Mon, 22 Jan 2007 14:20:41 -0500
Title: How to decode non-standard SSL traffic

Hi

I've successfully used the rsasnakeoil2 capture file, key file and instructions to decode the encrypted content of an SSL session using Wireshark.  Now, I'd like to do the same thing for several other sessions, including:

  • An openssl s_client/s_server session
  • A client/server session involving a proprietary product

I know that the way to decode the SSL traffic is to provide four items of information to Wireshark's Edit … Preferences … Protocols … SSL … 'RSA keys list' box:

<ip>,<port>,<protocol>,<key>

When I'm decoding an SSL-encrypted HTTP session, the values to put in 'port' and 'protocol' are obvious.  But what about an openssl s_client/s_server session?  I can see that the port is 4433 (which can be overridden).  But what would the 'protocol' value be for openssl s_server?  And, what 'protocol' value would I use for a proprietary client/server application?  Is there some generic 'just dump out the text' protocol I should use?

Thanks!
tl

Terry Lemons
CLARiiON Appliance Engineering
CLARiiON Application Solutions Integration

EMC²
where information lives
4400 Computer Drive, MS D239
Westboro MA 01580
Phone: 508 898 7312
Email: Lemons_Terry@xxxxxxx