Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures

Date: Wed, 29 Apr 2009 07:09:31 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444





--- Comment #1 from Sake <sake@xxxxxxxxxx>  2009-04-29 07:09:27 PDT ---
"tshark -V" is your friend here:


$ tshark -o ssl.keys_list:192.168.100.217,443,http,c:\\key.txt -r full.cap -V -c 1 http
Frame 20 (492 bytes on wire, 492 bytes captured)
    Arrival Time: Oct 27, 2008 18:34:03.115779000
    [Time delta from previous captured frame: 0.000705000 seconds]
    [Time delta from previous displayed frame: 8.143545000 seconds]
    [Time since reference or first frame: 8.143545000 seconds]
    Frame Number: 20
    Frame Length: 492 bytes
    Capture Length: 492 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:ssl:http]
Ethernet II, Src: Dell_aa:c3:72 (00:1c:23:aa:c3:72), Dst: Netscree_24:94:b0 (00:10:db:24:94:b0)
    Destination: Netscree_24:94:b0 (00:10:db:24:94:b0)
        Address: Netscree_24:94:b0 (00:10:db:24:94:b0)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: Dell_aa:c3:72 (00:1c:23:aa:c3:72)
        Address: Dell_aa:c3:72 (00:1c:23:aa:c3:72)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 10.31.100.137 (10.31.100.137), Dst: 192.168.100.217 (192.168.100.217)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 478
    Identification: 0x12e1 (4833)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x520f [correct]
        [Good: True]
        [Bad : False]
    Source: 10.31.100.137 (10.31.100.137)
    Destination: 192.168.100.217 (192.168.100.217)
Transmission Control Protocol, Src Port: 57575 (57575), Dst Port: https (443), Seq: 4820, Ack: 5995, Len: 438
    Source port: 57575 (57575)
    Destination port: https (443)
    [Stream index: 0]
    Sequence number: 4820    (relative sequence number)
    [Next sequence number: 5258    (relative sequence number)]
    Acknowledgement number: 5995    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgement: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 127846 (scaled)
    Checksum: 0x95fa [validation disabled]
        [Good Checksum: False]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 19]
        [The RTT to ACK the segment was: 0.000705000 seconds]
        [Number of bytes in flight: 438]
    [Timestamps]
        [Time since first frame in this TCP stream: 8.143545000 seconds]
        [Time since previous frame in this TCP stream: 0.000705000 seconds]
Secure Socket Layer
    TLSv1 Record Layer: Application Data Protocol: http
        Content Type: Application Data (23)
        Version: TLS 1.0 (0x0301)
        Length: 433
        Encrypted Application Data: C0F19FA1BCE150D288F2558CBE8405067A962B0D25967193...
Hypertext Transfer Protocol
    GET / HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET / HTTP/1.1\r\n]
            [Message: GET / HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /
        Request Version: HTTP/1.1
    Host: zim.testlab.ionip.local\r\n
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080829 Firefox/2.0.0.17\r\n
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
    Accept-Language: en-us,en;q=0.5\r\n
    Accept-Encoding: gzip,deflate\r\n
    Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
    Keep-Alive: 300\r\n
    Connection: keep-alive\r\n
    \r\n

$

Would this suit your needs?


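One way to check that the decryption in the session above actually took effect, as an added example (not part of the original comment or of Wireshark): a small Python parser that splits saved `tshark -V` text into frames and top-level layers, returns the decoded HTTP layer per frame, and lists frames whose last decoded layer is still SSL. The sample text is constructed and abbreviated from the output above, and the function names are hypothetical.

```python
import re

# Constructed sample in the `tshark -V` layout above: frame 20 decrypted, frame 21 not.
SAMPLE = """\
Frame 20 (492 bytes on wire, 492 bytes captured)
    [Protocols in frame: eth:ip:tcp:ssl:http]
Secure Socket Layer
    Encrypted Application Data: C0F19FA1BCE150D2...
Hypertext Transfer Protocol
    GET / HTTP/1.1\\r\\n
    Host: zim.testlab.ionip.local\\r\\n

Frame 21 (123 bytes on wire, 123 bytes captured)
    [Protocols in frame: eth:ip:tcp:ssl]
Secure Socket Layer
    Encrypted Application Data: 0A1B2C3D...
"""

FRAME_START = re.compile(r"^Frame (\d+) \(")

def parse_frames(text):
    """Return {frame_number: {layer_name: [indented field lines]}}."""
    frames, layers, current = {}, None, None
    for line in text.splitlines():
        m = FRAME_START.match(line)
        if m:                                   # a new frame begins
            layers = frames.setdefault(int(m.group(1)), {})
            current = layers.setdefault("Frame", [])
        elif layers is None or not line.strip():
            continue                            # preamble or blank separator
        elif not line[0].isspace():             # unindented line = new layer
            current = layers.setdefault(line.split(",")[0].strip(), [])
        else:                                   # indented field of current layer
            current.append(line.strip())
    return frames

def decrypted_http(frames):
    """Map frame number -> decoded HTTP lines, for frames that have them."""
    name = "Hypertext Transfer Protocol"
    return {n: l[name] for n, l in frames.items() if name in l}

def undecrypted_ssl(frames):
    """Frames whose last decoded layer is SSL, i.e. nothing decoded above it."""
    return sorted(n for n, l in frames.items()
                  if list(l)[-1] == "Secure Socket Layer")

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    print(decrypted_http(frames), "not decrypted:", undecrypted_ssl(frames))
```

A frame reported by `undecrypted_ssl` may also be a handshake or alert record, so check it against the key and the `ssl.keys_list` entry before concluding the key did not apply.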