OK thanks a lot! I followed the exact same sequence of steps, however still NOT able to decode SSL traffic. So, obviously something is wrong with my local build.
Can you please confirm the version for libgcrypt and gnutls packages on your system? Here is the information from my system:
[vijay@hostname vijay]$ rpmquery -a | grep -i gcrypt
libgcrypt11-1.2.2-12.el3.at
libgcrypt-devel-1.2.2-12.el3.at
[vijay@hostname vijay]$ rpmquery -a | grep -i gnutls
gnutls-1.0.20-4_2.RHL9.at
gnutls-devel-1.0.20-4_2.RHL9.at
[vijay@hlthbnftsprovider vijay]$
Are there any other dependencies that could be effecting my results?
Kind regards,
Vijay
ronnie sahlberg <ronniesahlberg@xxxxxxxxx> wrote:
I did this :
Unpacked the example from wiki.wireshark.org/SSL into the current directory.
Started wireshark and set the SSL preference line to :
127.0.0.1,443,http,./rsasnakeoil2.key
applied the change and exited wireshark.
From this directory I then start wireshark again with the command :
wireshark -n -r ./rsasnakeoil2.cap
I click on packet #50 and can see the HTTP GET command that is
transported inside SSL.
This works fine for me on linux.
On 10/31/06, Vijay Sitaram wrote:
> Thank you very much for testing and verifying it again. Can you please tell
> me how you did it? If you could copy and paste the ssldebug.txt file, that
> will also be very helpful.
>
> Regards,
>
> Vijay
>
>
> ronnie sahlberg
wrote:
> Yes it has been tested.
>
>
> I use linux and I just verified it again using the example and the
> instructions on http://wiki.wireshark.org/SSL
> and once I set the preference properly and I restart wireshark it does
> decrypt the example capture just fine.
>
>
>
> On 10/31/06, Vijay Sitaram wrote:
> > Hi All,
> >
> > Can someone authoritatively answer this question:
> >
> > Has the 'WireShark / Tshark' program ever been used for SSLv3 dissection
> > on Linux?
> >
> > I have posted related questions several times but have not received
> > any complete responses. Recently I came across Bug ID 1119 (SSL dissector
> > not decrypting SSLv3 and TLS 1.0 traffic (only tested in win32)). If this
> > is true then perhaps my efforts are futile?
> >
> > I would happy
to debug this issue further if someone can point me in
> > the right direction. Here is some relevant information from a log file
> when
> > I try to decrypt the sample:
> > ...
> > ssl_init keys string
> > 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> > ssl_init found host entry
> > 127.0.0.1,443,http,/home/vijay/snakeoil2/rsasnakeoil2.key
> > ssl_init addr 127.0.0.1 port 443 filename
> > /home/vijay/snakeoil2/rsasnakeoil2.key
> > ssl_get_version: 1.0.20
> > ssl_init private key file /home/vijay/snakeoil2/rsasnakeoil2.key
> > successfully loaded
> > ...
> > association_find: port 38713 found (nil)
> > packet_from_server: is from server 0
> > dissect_ssl server 127.0.0.1:443
> > client random len: 16 padded to 32
> > dissect_ssl3_record: content_type 22
> > decrypt_ssl3_record:
app_data len 74 ssl state 11
> > decrypt_ssl3_record: no session key
> > ...
> > ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
> > expected 48)
> > dissect_ssl3_handshake can't decrypt pre master secret
> > dissect_ssl3_record: content_type 20
> > dissect_ssl3_change_cipher_spec
> > ...
> >
> > Thanks for your response. Kind regards,
> >
> > Vijay
> >
> >
> >
> > ---------------------------------
> > Want to start your own business? Learn how on Yahoo! Small Business.
> >
> > ---------------------------------
> > Everyone is raving about the all-new Yahoo! Mail.
> >
>
>
>
> ---------------------------------
> Check out the New Yahoo! Mail - Fire up a more powerful email and get
> things done faster.
>
>
---------------------------------
> Want to start your own business? Learn how on Yahoo! Small Business.
>
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Access over 1 million songs - Yahoo! Music Unlimited
Try it today.
Low, Low, Low Rates! Check out Yahoo! Messenger's cheap
PC-to-Phone call rates.