OK... I worked on this yesterday, and I think the answer involves text2pcap, which can read in hex dumps of packets... My theory is that decoding the packets and saving them in the interim format means I can pull them back in, decoded... Anyone else think this is possible?
Can anyone confirm this is the right approach?
I think I'm missing the correct switches on the command line when writing the packets to a file:

tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: ./ssldebug.txt" -w out.cap

All I get is the encoded packet stream in the .cap file.
Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology
IS Analyst
http://www.linkedin.com/in/kennethhunt
"deepali goel" <deepaligoel2003@xxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
11/20/2006 11:45 PM
Please respond to: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
I know the contents of my packet but can't see the packet flowing in the traffic captured??
On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote:
I can open the sample file snakeoil2.tgz in the wiki: http://wiki.wireshark.org/SSL
Is it possible to save the decoded packets back to libpcap format so I can reopen it without the SSL settings?
I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key
with the private key in the root of my c drive.
Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology
IS Analyst
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users