
Wireshark-users: Re: [Wireshark-users] Problem deciphering an openssl stream

From: Philippe Fremy <phil@xxxxxxxxxxxxxxx>
Date: Thu, 14 Oct 2010 17:48:12 +0200
kolos_ws@xxxxxxxx wrote:
> Hi Philippe,
>
>> Handshake Protocol: Server Hello
>> [...]
>> Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
>>
>> I don't see any DH here, so maybe that's not the problem.
>
> I agree, it doesn't look like it's using DH. What would be interesting to
> see is whether you see a "Client key exchange" or a "Server key exchange" at the
> beginning of the SSL session in your capture when you look at it in
> Wireshark.
>
> Also, you might want to use "-s 0" when running tcpdump, that just
> captures everything.

That's what I did initially, but the wiki of Wireshark recommends -s 65535.

I did several screenshots of my session, to show the different SSL packets. If anything explains why I can't decode it, that would be great. All are attached to this email (hoping the ML will let it through).

cheers,

Philippe
