Wireshark-users: Re: [Wireshark-users] How to decode non-standard SSL traffic

Date: Tue, 23 Jan 2007 09:30:48 -0500
Hi Tomas

Thanks for suggestions!  I did enable SSL debug, and learned a lot from
it.  I saw that Wireshark did not like my RSA-format key file, but liked
the self-signed SSL key file just fine.  And the log file does show that
SSL records are identified and processed.

But, I still can't see the data in the 'application data' packets.

I've included below part of the contents of the SSL debug file.  Frames
312, 394 and 510 are the application data frames.  Do you see any reason
why they weren't decoded?

I'll copy and try the latest Wireshark (0.99.5pre2) now.

Thanks!
tl

ssl_init keys string 192.168.11.114,4433,data,/tmp/server.key
ssl_init found host entry 192.168.11.114,4433,data,/tmp/server.key
ssl_init addr 192.168.11.114 port 4433 filename /tmp/server.key
ssl_get_version: 1.0.8
ssl_load_key: swapping p and q parametes
ssl_init private key file /tmp/server.key successfully loaded
.
.
.
dissect_ssl enter frame #312
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540
dissect_ssl enter frame #394
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540
dissect_ssl enter frame #510
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl state 13
decrypt_ssl3_record: no session key
association_find: TCP port 24531 found (nil)
association_find: TCP port 4433 found 0x8554540


>Hi, 

>try to enable SSL debug output (with setting debug file in SSL
>preferences).
>Either you will see in the file what goes wrong or you can send it
here.
>
>BTW if it is possible skip to version 0.99.5pre2 which contains a
little
>bit better debug SSL output.
>
>Tomas