On Mon, Jan 22, 2007 at 11:41:43AM -0500, lemons_terry@xxxxxxx wrote:
> Thanks for the reply, Mike. I have been able to bring up the
> rsasnakeoil capture file, and my wireshark on Linux build does
> recognize and decode the SSL. So I know my build is capable of
> decoding SSL. But I don't understand why it can't recognize and
> decode an openssl s_client/s_server exchange?
What port is the exchange going over? Wireshark only expects SSL over
certain ports by default: 443 (http), 636 (ldap), 993 (imap), 995
(pop3). You can force your traffic to be recognized as SSL by right
clicking on one of the packets in the packet list and choosing "Decode
As" and picking SSL from the list.
Steve