Wireshark-users: Re: [Wireshark-users] Decode SSL?

From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 22 Jan 2007 09:39:34 -0800
On Mon, Jan 22, 2007 at 11:41:43AM -0500, lemons_terry@xxxxxxx wrote:

> Thanks for the reply, Mike.  I have been able to bring up the 
> rsasnakeoil capture file, and my Wireshark on Linux build does 
> recognize and decode the SSL.  So I know my build is capable of 
> decoding SSL.  But I don't understand why it can't recognize and 
> decode an openssl s_client/s_server exchange?

What port is the exchange going over?  Wireshark only expects SSL over 
certain ports by default: 443 (http), 636 (ldap), 993 (imap), 995 
(pop3).  You can force your traffic to be recognized as SSL by 
right-clicking on one of the packets in the packet list and choosing "Decode 
As" and picking SSL from the list.


Steve
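
Added example (not part of the original message and not Wireshark code): a content-based check that finds flows starting with an SSL/TLS hello on ports outside the default list given above, i.e. the ports where "Decode As" would be needed. The function names, sample flows and the ports 4433 and 8080 are constructed for illustration.

```python
import struct

# Ports the message above says Wireshark treats as SSL by default.
DEFAULT_SSL_PORTS = {443, 636, 993, 995}

def looks_like_tls_hello(payload: bytes) -> bool:
    """Heuristic: does a flow's first TCP payload begin with an SSL/TLS hello?"""
    if len(payload) < 6:
        return False
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    # SSLv3/TLS record: content type 22 (handshake), version 3.x, sane length
    if ctype == 22 and major == 3 and minor <= 4 and 4 <= rec_len <= 16384:
        if payload[5] not in (1, 2):          # 1 = ClientHello, 2 = ServerHello
            return False
        if len(payload) >= 9:
            hs_len = int.from_bytes(payload[6:9], "big")
            return hs_len + 4 <= rec_len      # hello should fit in the record
        return True
    # SSLv2-compatible ClientHello: 2-byte length with high bit set, type 1
    if payload[0] & 0x80 and payload[2] == 1:
        msg_len = ((payload[0] & 0x7F) << 8) | payload[1]
        version = (payload[3], payload[4])
        return msg_len >= 9 and version in ((0, 2), (3, 0), (3, 1), (3, 2), (3, 3))
    return False

def ports_needing_decode_as(flows):
    """flows: iterable of (server_port, first_payload); returns sorted ports."""
    return sorted({port for port, data in flows
                   if port not in DEFAULT_SSL_PORTS and looks_like_tls_hello(data)})

def sample_client_hello() -> bytes:
    """Constructed minimal TLS 1.0 ClientHello (zeroed random, one cipher suite)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed sample flows: (server port, first bytes sent by the client)
SAMPLE_FLOWS = [
    (4433, sample_client_hello()),      # TLS on a non-default port
    (443, sample_client_hello()),       # already dissected as SSL by default
    (8080, b"GET / HTTP/1.1\r\n\r\n"),  # plain HTTP, not TLS
]

if __name__ == "__main__":
    for port in ports_needing_decode_as(SAMPLE_FLOWS):
        print(f"tcp port {port}: looks like SSL/TLS, apply Decode As -> SSL")
```

The check is a heuristic on the first payload only; a port it reports is a candidate for "Decode As", not proof that the whole stream is SSL.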