Wireshark-users: [Wireshark-users] Decrypting SSL application data using tshark

From: Vijay Sitaram <vjatfugen@xxxxxxxxx>
Date: Thu, 19 Oct 2006 15:02:27 -0700 (PDT)
Hi,
 
    I recently compiled and installed WireShark version 0.99.3 on RedHat Linux ES 3.0 using the following configure line:
 
#./configure --enable-dftest --enable-ranpkt --with-ssl
 
    I am now trying to disect the sample capture file 'rsnakeoil2.cap' to look at the application data.  I have tried a few things like :
# tshark -r rsasnakeoil2.cap -R "ssl"
# tshark �T text �w decoded.txt -r rsasnakeoil2.cap -R "127.0.0.1,443,/path/to/snakeoil2/rsasnakeoil2.key"
 
    However, I am still not able to look into the SSL communication data.  When I look at the documentation (user's guide), it does not have complete information especially as it relates to SSL.  Any help / pointers would be greatly appreciated.
 
    Kind regards,
 
Vijay
 


Stay in the know. Pulse on the new Yahoo.com. Check it out.