Wireshark · Wireshark-users: [Wireshark-users] Newcomer question

Wireshark-users: [Wireshark-users] Newcomer question

From: "Goss, Chad" <Chad.Goss@xxxxxxxxxx>

Date: Mon, 24 Mar 2008 12:38:53 -0700

Hi All,

Newbie question, I am decoding SSL, but running into some issues, namely… it aint working yet. J

Details below.. thanks in advance

-chad

**************************************************************************************************************

Here’s my setup:

Windows XP Pro

1) SSL plugin (ethereal-ssl-decrypt) downloaded from http://sourceforge.net/project/showfiles.php?group_id=155260

2) SSL Client: Browser running on 192.168.16.151à

ß SSL Server running on 172.4.1.2

3) Sniffing using Wireshark 0.99.7 located on SSL Client PC

4) Configured editàpreferencesàprotocolsàSSL:

- RSA Keys List: “172.4.1.2:443:0003310-ccert.p12”

- SSL Debug File: “c:\ssldebug”

PROBLEM:

1) it appears that the decoder isn’t liking the format of the “RSA Key Files List”, I am getting this error:

ssl_init keys string:

172.4.1.2:443:0003310-ccert.p12

ssl_init found host entry 172.4.1.2:443:0003310-ccert.p12

ssl_init entry malformed can't find port in '172.4.1.2:443:0003310-ccert.p12'

association_find: TCP port 636 found 06D10888

ssl_association_remove removing TCP 636 - ldap handle 02D05268

association_add TCP port 636 protocol ldap handle 02D05268

association_find: TCP port 993 found 06D108C8

ssl_association_remove removing TCP 993 - imap handle 02CED4B8

association_add TCP port 993 protocol imap handle 02CED4B8

association_find: TCP port 995 found 06D10908

ssl_association_remove removing TCP 995 - pop handle 03A79338

association_add TCP port 995 protocol pop handle 03A79338

2) if I change the delimeter from “:” to “,” (I saw a snippet of the code on the internet that lead me to believe that a comma separator might be the correct delimiter, even though the readme says colon.. I get the following error: