Wireshark-dev: Re: [Wireshark-dev] Problem decoding ULP in TLS encapsulation

Date: Thu, 9 Aug 2007 12:20:00 -0500
Anders,

	Build 22477 took care of the problem.

	Thanks so much!

	Cheers,

- Thane
  

>-----Original Message-----
>From: Frivold Thane (Nokia-M/SanFrancisco) 
>Sent: Wednesday, August 08, 2007 11:51 PM
>To: 'wireshark-dev@xxxxxxxxxxxxx'
>Cc: Frivold Thane (Nokia-M/SanFrancisco)
>Subject: Problem decoding ULP in TLS encapsulation
>
>Hello,
>
>Sorry for the accidental, premature send of an incomplete 
>draft of this message...
>
>I have captured a trace of a ULP (OMA UserPlane Location 
>Protocol) session. It is encapsulated in TLS, so I added the 
>following single entry to the "RSA keys list" under the SSL 
>preferences:
>
>	10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
>
>However, when I start up Wireshark, the SSL debug file 
>suggests that the ULP module cannot be found ("association_add 
>could not find handle for protocol 'ulp'" below). Wireshark 
>will decrypt the TLS application data packets, but just shows 
>them as opaque data; not ULP packets. However, I was able to 
>view the decoded ULP packets through some painstaking 
>reformatting and use of text2pcap, so the ULP module does work 
>on unencrypted data. It would be nice for the TLS encapsulated 
>ULP packets to just display without special reformatting.
>
>Is this cockpit error on my part, or is there an internal 
>configuration issue?
>
>Thank you.
>
>Cheers,
>
>Thane Frivold
>thane.frivold@xxxxxxxxx
> 
>
>=-=-= SSL debug file =-=-=
>
>ssl_init keys string:
>10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
>ssl_init found host entry 10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
>ssl_init addr 10.10.5.67 port 7275 filename C:\USERS\tfrivold\pki.key
>ssl_init private key file C:\USERS\tfrivold\pki.key successfully loaded
>association_add TCP port 7275 protocol ulp handle 00000000
>association_add could not find handle for protocol 'ulp', try to find 'data' dissector
>ssl_init found host entry
>ssl_init entry malformed can't find port in ''
>association_find: TCP port 443 found 0332D900 
>ssl_association_remove removing TCP 443 - http handle 02B468C0 
>association_add TCP port 443 protocol http handle 02B468C0
>association_find: TCP port 636 found 0332D418 
>ssl_association_remove removing TCP 636 - ldap handle 028DE710 
>association_add TCP port 636 protocol ldap handle 028DE710
>association_find: TCP port 993 found 0332D5D0 
>ssl_association_remove removing TCP 993 - imap handle 02BB5228 
>association_add TCP port 993 protocol imap handle 02BB5228
>association_find: TCP port 995 found 0332DE68 
>ssl_association_remove removing TCP 995 - pop handle 02C4F6F8 
>association_add TCP port 995 protocol pop handle 02C4F6F8
>
>
>=-=-= Details from "About" menu option =-=-=
>
>Version 0.99.6a (SVN Rev 22276)
>
>Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and 
>contributors.
>This is free software; see the source for copying conditions. 
>There is NO warranty; not even for MERCHANTABILITY or FITNESS 
>FOR A PARTICULAR PURPOSE.
>
>Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap 
>(version unknown), with libz 1.2.3, with libpcre 6.4, with 
>Net-SNMP 5.4, with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with 
>Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio 
>V19-devel, with AirPcap.
>
>Running on Windows XP Service Pack 2, build 2600, with WinPcap 
>version 4.0.1 (packet.dll version 4.0.0.901), based on libpcap 
>version 0.9.5, without AirPcap.
>
>Built using Microsoft Visual C++ 6.0 build 8804
>
>
>
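
An added example, not part of the thread and not Wireshark's own code: a small Python triage script for the kind of SSL debug file quoted above. It lists `association_add` lines whose handle is all zeros (in the quoted log that line is followed by the "could not find handle" message) and collects the "entry malformed" messages. The names `split_keys_list` and `triage` and the sample log are constructed for illustration.

```python
import re

# Constructed sample: messages taken from the debug file quoted above, one per line.
SAMPLE_LOG = r"""ssl_init keys string:
10.10.5.67,7275,ulp,C:\USERS\tfrivold\pki.key;
ssl_init private key file C:\USERS\tfrivold\pki.key successfully loaded
association_add TCP port 7275 protocol ulp handle 00000000
association_add could not find handle for protocol 'ulp', try to find 'data' dissector
ssl_init found host entry
ssl_init entry malformed can't find port in ''
association_add TCP port 443 protocol http handle 02B468C0
association_add TCP port 636 protocol ldap handle 028DE710
"""

ADD_RE = re.compile(
    r"^association_add (\w+) port (\d+) protocol (\S+) handle ([0-9A-Fa-f]+)\s*$")
MALFORMED_RE = re.compile(r"^ssl_init entry malformed can't find port in '(.*)'\s*$")


def split_keys_list(keys):
    """Split an 'ip,port,protocol,keyfile;' list into (entries, problems)."""
    entries, problems = [], []
    for raw in keys.strip().split(";"):
        if raw.strip() == "":
            continue  # empty piece left behind by a trailing ';'
        # maxsplit=3 keeps any commas inside the key file path intact
        fields = [f.strip() for f in raw.split(",", 3)]
        if len(fields) != 4 or not all(fields) or not fields[1].isdigit():
            problems.append(raw)
        else:
            entries.append(tuple(fields))
    return entries, problems


def triage(log_text):
    """Return (unbound, bound, malformed) found in an SSL debug file."""
    unbound, bound, malformed = [], [], []
    for line in log_text.splitlines():
        m = ADD_RE.match(line)
        if m:
            transport, port, proto, handle = m.groups()
            # Assumption: an all-zero handle means no dissector was found by that name.
            target = unbound if int(handle, 16) == 0 else bound
            target.append((transport, int(port), proto))
            continue
        m = MALFORMED_RE.match(line)
        if m:
            malformed.append(m.group(1))
    return unbound, bound, malformed
```

Any port reported in `unbound` is one where decrypted application data would be handed to the generic data dissector, as described in the original message.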