kolos_ws@xxxxxxxx wrote:
Hi Philippe,
Handshake Protocol: Server Hello
[...]
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
I don't see any DH here, so maybe that's not the problem.
I agree, it doesn't look like it's using DH. What would be interesting to
see is whether you see a "Client key exchange" or a "Server key exchange" at the
beginning of the SSL session in your capture when you look at it in
Wireshark.
Also, you might want to use "-s 0" when running tcpdump, that just
captures everything.
That's what I did initially, but the wiki of Wireshark recommends -s
65535.
I did several screenshots of my session, to show the different SSL
packets. If anything explains why I can't decode it, that would be
great. All are attached to this email (hoping the ML will let it
through).
cheers,
Philippe