Wireshark-users: Re: [Wireshark-users] wireshark ssl decryption for dummies

From: Andrew Schweitzer <a.schweitzer.grps@xxxxxxxxx>
Date: Tue, 12 Sep 2006 23:03:13 -0400
ronnie sahlberg wrote:
can you try to put the key file in the same directory as the trace
and specify the key file without a path :
127.0.0.1 <http://127.0.0.1/>,3700,data,server.key

log file says:

association_remove_handle removing ptr 0496FED0 handle 0293D878
association_remove_handle removing ptr 04970368 handle 0293A138
association_remove_handle removing ptr 0496C350 handle 02920F88
association_remove_handle removing ptr 04970380 handle 02A78A40
ssl_init keys string 127.0.0.1,3700,data,e:\ethercap\server.key
ssl_init found host entry 127.0.0.1,3700,data,e:\ethercap\server.key
ssl_init addr 127.0.0.1 port 3700 filename e:\ethercap\server.key
ssl_get_version: 1.5.0
ssl_init private key file e:\ethercap\server.key successfully loaded
association_add port 3700 protocol data handle 02758DD0
association_add port 443 protocol http handle 0293D878
association_add port 636 protocol ldap handle 0293A138
association_add port 993 protocol imap handle 02920F88
association_add port 995 protocol pop handle 02A78A40
ssl_session_init: initializing ptr 04F63300 size 568
association_find: port 3700 found 04B262B0
packet_from_server: is from server 1
dissect_ssl server 11.38.144.142:3700
dissect_ssl can't find private key for this server!
dissect_ssl3_record: content_type 23
association_find: port 3700 found 04B262B0
dissect_ssl3_record: content_type 23
association_find: port 3700 found 04B262B0
ssl_session_init: initializing ptr 04F61978 size 568
association_find: port 1032 found 00000000
packet_from_server: is from server 0
dissect_ssl server 11.38.144.142:3700
dissect_ssl can't find private key for this server!
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 1 offset 5 lenght 43 bytes, remaning 52
dissect_ssl3_record: content_type 22
dissect_ssl3_handshake iteration 1 type 2 offset 5 lenght 70 bytes, remaning 79
dissect_ssl3_record: content_type 22