Wireshark-users: Re: [Wireshark-users] Newcomer question
From: "Robert D. Scott" <robert@xxxxxxx>
Date: Mon, 24 Mar 2008 17:02:13 -0400
127.0.0.1,443,http,c:\path\to\snakeoil2.key

from http://wiki.wireshark.org/SSL?highlight=%28SSL%29

You are missing a parameter

Robert

________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Goss, Chad
Sent: Monday, March 24, 2008 3:39 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Newcomer question

Hi All,

Newbie question, I am decoding SSL, but running into some issues, namely it ain't working yet. :) Details below.. thanks in advance

-chad

****************************************************************************

Here's my setup: Windows XP Pro

1) SSL plugin (ethereal-ssl-decrypt) downloaded from http://sourceforge.net/project/showfiles.php?group_id=155260
2) SSL Client: Browser running on 192.168.16.151 <-> SSL Server running on 172.4.1.2
3) Sniffing using Wireshark 0.99.7 located on SSL Client PC
4) Configured edit->preferences->protocols->SSL:
   - RSA Keys List: 172.4.1.2:443:0003310-ccert.p12
   - SSL Debug File: c:\ssldebug

PROBLEM:

1) It appears that the decoder isn't liking the format of the RSA Key Files List, I am getting this error:

ssl_init keys string: 172.4.1.2:443:0003310-ccert.p12
ssl_init found host entry 172.4.1.2:443:0003310-ccert.p12
ssl_init entry malformed can't find port in '172.4.1.2:443:0003310-ccert.p12'
association_find: TCP port 636 found 06D10888
ssl_association_remove removing TCP 636 - ldap handle 02D05268
association_add TCP port 636 protocol ldap handle 02D05268
association_find: TCP port 993 found 06D108C8
ssl_association_remove removing TCP 993 - imap handle 02CED4B8
association_add TCP port 993 protocol imap handle 02CED4B8
association_find: TCP port 995 found 06D10908
ssl_association_remove removing TCP 995 - pop handle 03A79338
association_add TCP port 995 protocol pop handle 03A79338

2) If I change the delimiter from : to , (I saw a snippet of the code on the internet that led me to believe that a comma separator might be the correct delimiter, even though the readme says colon).. I get the following error:

ssl_init keys string: 172.4.1.2,443,0003310-ccert.p12
ssl_init found host entry 172.4.1.2,443,0003310-ccert.p12
ssl_init entry malformed can't find filename in 443
association_find: TCP port 636 found 06D10888
ssl_association_remove removing TCP 636 - ldap handle 02D05268
association_add TCP port 636 protocol ldap handle 02D05268
association_find: TCP port 993 found 06D108C8
ssl_association_remove removing TCP 993 - imap handle 02CED4B8
association_add TCP port 993 protocol imap handle 02CED4B8
association_find: TCP port 995 found 06D10908
ssl_association_remove removing TCP 995 - pop handle 03A79338
association_add TCP port 995 protocol pop handle 03A79338
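
The format the reply points to (four comma-separated fields: ip,port,protocol,key_file) can be checked before it is pasted into the preferences dialog. The script below is an added example, not part of the original thread or of Wireshark's code. The function names, the file-name heuristic, the semicolon separator between entries and the last sample entry are assumptions of this example.

```python
import ipaddress

FIELDS = ("ip", "port", "protocol", "key_file")


def looks_like_file(value):
    """Heuristic (an assumption of this example): a dot or path separator."""
    return any(ch in value for ch in ".\\/")


def check_entry(entry):
    """Return a list of problems in one 'ip,port,protocol,key_file' entry."""
    parts = [p.strip() for p in entry.split(",")]
    # No comma at all but several colons: the first attempt from the thread.
    if len(parts) == 1 and entry.count(":") >= 2:
        return ["fields are colon-separated; use commas"]
    problems = []
    if len(parts) != len(FIELDS):
        problems.append("expected %d fields (%s), found %d"
                        % (len(FIELDS), ",".join(FIELDS), len(parts)))
    try:
        ipaddress.ip_address(parts[0])
    except ValueError:
        problems.append("ip is not a valid address: %r" % parts[0])
    if len(parts) > 1 and not (parts[1].isdecimal() and 0 < int(parts[1]) < 65536):
        problems.append("port is not in 1-65535: %r" % parts[1])
    # Three fields ending in a file name: the second attempt from the thread.
    if len(parts) == 3 and looks_like_file(parts[2]):
        problems.append("third field looks like a key file; "
                        "the protocol field (e.g. http) is missing")
    if len(parts) == 4 and not parts[2].isalnum():
        problems.append("protocol is not a plain name: %r" % parts[2])
    if len(parts) == 4 and not parts[3]:
        problems.append("key_file is empty")
    return problems


def check_keys_list(keys_list):
    """Check every entry; assumes entries are separated by semicolons."""
    entries = [e.strip() for e in keys_list.split(";") if e.strip()]
    return {e: check_entry(e) for e in entries}


if __name__ == "__main__":
    # First three values are from the thread; the last is constructed.
    samples = [r"172.4.1.2:443:0003310-ccert.p12",
               r"172.4.1.2,443,0003310-ccert.p12",
               r"127.0.0.1,443,http,c:\path\to\snakeoil2.key",
               r"172.4.1.2,443,http,0003310-ccert.p12"]
    for entry, problems in check_keys_list(";".join(samples)).items():
        print(entry, "->", problems or "ok")
```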