Wireshark-users: Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis

From: Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx>
Date: Thu, 8 Mar 2007 08:54:43 -0500

Verify that your private keys are valid on all tiers... isolate the transaction:
4. Server1 -> Server2 (response to request in Step 3).

Capture just this traffic -- without examining your capture in detail, I am assuming that the keys are either not valid on server2, or that you are missing the server to server handshake. The only commercial program I have experience with is OPNET ITguru and it uses Wireshark as its backend, so this is all the same area.

If you are missing the server to server handshake you may need to force the handshake to reoccur; is this a production server?

There is more info on the handshake process here: http://docs.sun.com/source/816-6704-10/ssl_overview.html#13602

I am reading your description of the steps as inter-server communication; is that what happens, or is this still going back to the client?

You might want to find a copy of Wireshark & Ethereal Network Protocol Analyzer Toolkit:
I see Amazon has 5 copies in stock right now. http://www.amazon.com/exec/obidos/ASIN/1597490733/techobserver-20


Kenneth
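The reply above asks the poster to verify that the private key is valid on every tier before blaming the capture. The following script is an added example, not part of this thread or of Wireshark; it checks that a PEM private key really belongs to a server certificate by comparing the public key embedded in the certificate with the one derived from the key, which is the pair Wireshark needs for RSA-based decryption. It assumes OpenSSL is installed and generates constructed, throwaway test material so it can be run offline.

```shell
#!/bin/sh
# Added example (not from the original thread): confirm that a private key
# matches the certificate the server actually presents. A mismatched key on
# one tier (here, server2) is a common reason decryption silently fails for
# only that hop. Note the check says nothing about the capture itself: the
# RSA-key approach also needs the ClientHello/ServerHello of each session in
# the trace, and only works for RSA key exchange, not DHE/ECDHE suites.

# key_matches_cert KEYFILE CERTFILE
# Returns 0 when the SHA-256 of the DER-encoded public key derived from the
# private key equals that of the public key inside the certificate.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout -outform DER 2>/dev/null \
        | openssl sha256 | awk '{print $NF}')
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null \
        | openssl pkey -pubin -pubout -outform DER 2>/dev/null \
        | openssl sha256 | awk '{print $NF}')
    # Empty digests mean an unreadable file; treat that as a mismatch too.
    [ -n "$key_pub" ] && [ -n "$cert_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_selfsigned_pair KEYFILE CERTFILE
# Constructed throwaway key/cert pair used only to exercise the check above;
# the CN is a placeholder, not a real host.
make_selfsigned_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1" -out "$2" \
        -subj "/CN=server2.example.test" -days 1 >/dev/null 2>&1
}

# Usage against real files (paths are placeholders):
#   key_matches_cert /path/to/server2.key /path/to/server2.crt && echo "key OK"
```

Run the check on each tier's key and certificate; only a pair that passes is worth adding to Wireshark's RSA keys list, and a failure means the capture was never the problem.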