Wireshark-users: Re: [Wireshark-users] tshark option to decrypt SSL?
From: James Hozier <guitarscn1@xxxxxxxxx>
Date: Thu, 9 Sep 2010 08:51:05 -0700 (PDT)
> From: Sake Blok <sake@xxxxxxxxxx>
> Subject: Re: [Wireshark-users] tshark option to decrypt SSL?
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Date: Thursday, September 9, 2010, 3:14 PM
> On 9 sep 2010, at 16:30, James Hozier wrote:
> 
> > Here is what I have so far:
> > tshark -tad -lnx -d tcp.port==4040,irc -R 'irc'
> > 
> > What should I add in order for it to capture and also decrypt SSL traffic
> > as well, with the private server certificate on the machine this is being
> > run from?
> 
> If traffic on port 4040 is SSL encrypted IRC traffic, then
> you would use the following:
> 
> tshark -tad -lnx -o ssl.keys_list:<server-ip>,4040,irc,<path-to-private-key> -R irc
> 
> You might want to use -V as well to get full protocol
> decodes, including the decrypted irc details.
> 
> Cheers,
> 
> 
> Sake

Thank you. I have this:

$ sudo tshark -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/server.key.pem -R irc -V

I get the error: can't load private key from /home/unreal/Unreal3.2/server.key.pem

Inside server.key.pem is:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

And between those lines is the private key. There is nothing else.

Why can it not load?
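
A pre-flight check for the `ssl.keys_list` value discussed in this thread, added here as an example and not part of either poster's message: it validates the `<server-ip>,<port>,<protocol>,<path-to-private-key>` fields and reports which PEM container the key file uses (`BEGIN PRIVATE KEY` is the PKCS#8 label, `BEGIN RSA PRIVATE KEY` the traditional RSA one). The function names `pem_key_format` and `check_keys_list_entry` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for one ssl.keys_list entry,
# <server-ip>,<port>,<protocol>,<path-to-private-key>. Function names are hypothetical.

# Report the container format implied by a key file's PEM armor.
pem_key_format() {
    label=$(sed -n '/^-----BEGIN /{p;q;}' "$1" 2>/dev/null | tr -d '\r')
    case "$label" in
        '-----BEGIN RSA PRIVATE KEY-----')
            # Traditional keys mark passphrase protection in a header line.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo pkcs1-rsa-encrypted
            else echo pkcs1-rsa; fi ;;
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN CERTIFICATE-----')           echo certificate-not-key ;;
        '')                                      echo no-pem-armor ;;
        *)                                       echo unknown ;;
    esac
}

# Validate the four fields and print what a key loader will be handed.
check_keys_list_entry() {
    set -f; old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs; set +f
    if [ $# -ne 4 ]; then echo "error: need 4 comma-separated fields, got $#"; return 2; fi
    ip=$1 port=$2 proto=$3 keyfile=$4
    case "$port" in
        ''|*[!0-9]*|??????*) echo "error: port '$port' is not a valid number"; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "error: port $port out of range"; return 2
    fi
    # Matters when the capture runs under sudo or another account.
    if [ ! -r "$keyfile" ]; then
        echo "error: $keyfile is not readable by uid $(id -u)"; return 1
    fi
    echo "ok: $ip:$port proto=$proto key=$(pem_key_format "$keyfile")"
}

# Constructed sample: armor lines only, no real key material.
demo=$(mktemp)
printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'AAAA' '-----END PRIVATE KEY-----' > "$demo"
check_keys_list_entry "127.0.0.1,4040,irc,$demo"
rm -f "$demo"
```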