Wireshark-users: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
I know there's a program called SSLDump, maybe that could be used?
http://www.rtfm.com/ssldump/
On Tue, 21 Nov 2006 10:22:38 -0500, "Kenneth Hunt"
<kenneth.hunt.b@xxxxxxxxx> said:
> OK... I worked on this yesterday, and I think the answer involves
> text2pcap which can read in hex dumps of packets... my theory is that
> decoding the packets and saving them in the interim format means I can
> pull them back in. decoded... anyone else think this is possible?
>
> Can anyone confirm this is the right approach? I think I'm missing the
> correct switches on the commandline when writing the packets to a file:
>
> tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: ./ssldebug.txt" -w out.cap
>
> all I get is the encoded packet stream in the .cap file.
>
> Kenneth Hunt
> Bayer Corporate and Business Services LLC
> North America Information Technology
> IS Analyst
> http://www.linkedin.com/in/kennethhunt
>
> "deepali goel" <deepaligoel2003@xxxxxxxxx> wrote on 11/20/2006 11:45 PM:
>
> I know the contents of my packet but can't see the packet flowing in the
> traffic captured??
>
> On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote:
>
> I can open the sample file snakeoil2.tgz in the wiki:
> http://wiki.wireshark.org/SSL
>
> Is it possible to save the decoded packets back to libpcap format so I
> can reopen it without the SSL settings?
> I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key with the private key in
> the root of my c drive.
--
Hans Nilsson
hasse_gg@xxxxxxxx
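
The text2pcap route proposed in the quoted message, sketched as an added example that is not part of the original thread: it pulls only the decrypted sections out of `tshark -x` text output and re-emits them as a hex dump text2pcap can read. The function names and the sample dump are constructed for illustration, and the `Decrypted SSL data (N bytes):` header format is an assumption about how tshark labels a frame's extra data sources.

```python
import re

# ASSUMPTION: when a frame has several data sources, tshark -x labels each
# hex dump with a header such as "Decrypted SSL data (18 bytes):".
SOURCE_HDR = re.compile(r"^(?P<name>.+?) \((?P<len>\d+) bytes?\):\s*$")
# Hex row: 4-digit offset, two spaces, up to 16 bytes; the ASCII column is ignored.
HEX_ROW = re.compile(r"^(?P<off>[0-9a-fA-F]{4})  (?P<hex>(?:[0-9a-fA-F]{2} ?){1,16})")

# Constructed sample (not real tshark output from the thread's capture).
SAMPLE = """\
Frame (16 bytes):
0000  00 0c 29 01 02 03 00 0c 29 04 05 06 08 00 45 00   ..).....).....E.

Decrypted SSL data (18 bytes):
0000  47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a   GET / HTTP/1.1..
0010  0d 0a                                             ..

0000  00 0c 29 01 02 03 00 0c 29 04 05 06 08 00 45 00   ..).....).....E.
"""


def decrypted_payloads(dump, wanted="Decrypted SSL data"):
    """Return one bytes object per complete `wanted` section in the dump."""
    payloads, current, declared = [], None, 0
    def flush():
        # Keep a section only if it has exactly the byte count its header declared.
        if current is not None and len(current) == declared:
            payloads.append(bytes(current))
    for line in dump.splitlines():
        hdr, row = SOURCE_HDR.match(line), HEX_ROW.match(line)
        if hdr:
            flush()
            current = bytearray() if hdr["name"] == wanted else None
            declared = int(hdr["len"])
        elif row and current is not None:
            if int(row["off"], 16) == len(current):
                current += bytes.fromhex(row["hex"])
            else:  # offset restarts: rows belong to the next, unlabelled frame
                flush()
                current = None
    flush()
    return payloads


def to_text2pcap(payloads):
    """Render payloads as hex dumps for text2pcap (offset 000000 starts a packet)."""
    rows = ["%06x %s" % (off, data[off:off + 16].hex(" "))
            for data in payloads for off in range(0, len(data), 16)]
    return "\n".join(rows) + "\n"
```

The resulting text holds only the application payload, so text2pcap needs its `-T srcport,destport` option to wrap each packet in dummy Ethernet, IP and TCP headers; the original addresses and timestamps are not preserved. The output file contains the cleartext of the session and should be handled as carefully as the private key used to decrypt it.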