Wireshark-users: Re: [Wireshark-users] Wrong protocol detection - wrong decryption

From: Sake Blok <sake@xxxxxxxxxx>
Date: Tue, 10 Apr 2012 12:28:04 +0200
On 4 apr 2012, at 17:04, bitozoid wrote:

> On Wed, Apr 4, 2012 at 12:40 PM, Sake Blok <sake@xxxxxxxxxx> wrote:
>> Have you used "start_tls" instead of the port number in your SSL-keys list? So something like:
>> 
>> 1.2.3.4,start_tls,smtp,/tmp/key.pem
> 
> I have tried both. Same result.


With the start_tls option, you should at least see the pre-TLS commands and responses dissected as SMTP and not SSL. Just checking: you did not try them both at the same time? You should use one or the other :-)
Are you able to post the capture file and ssl-debug file? And if it is in a test environment, the private key?

Cheers,
Sake