List: wireshark-users
Subject: Re: [Wireshark-users] Problem deciphering an openssl stream
From: Philippe Fremy <phil () freehackers ! org>
Date: 2010-10-14 15:48:12
Message-ID: 4CB7263C.3090803 () freehackers ! org
[Attachment #2 (text/html)]
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<a class="moz-txt-link-abbreviated" href="mailto:kolos_ws@ural2.hu">kolos_ws@ural2.hu</a> wrote:
<blockquote cite="mid:alpine.DEB.2.00.1010111433020.29287@robin.fene.hu"
type="cite">
<pre wrap="">Hi Philippe,
</pre>
<blockquote type="cite">
<pre wrap="">Handshake Protocol: Server Hello
[...]
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
I don't see any DH here, so maybe that's not the problem.
</pre>
</blockquote>
<pre wrap=""><!---->
I agree, it doesn't look like it's using DH. What would be interesting to
see is if you see a "Client key exchange" or a "Server key exchange" at the
beginning of the SSL session in your capture when you look at it in
Wireshark.
Also, you might want to use "-s 0" when running tcpdump, that just
captures everything.
</pre>
</blockquote>
That's what I did initially, but the Wireshark wiki recommends -s
65535.<br>
<br>
I did several screenshots of my session, to show the different SSL
packets. If anything explains why I can't decode it, that would be
great. All are attached to this email (hoping the ML will let it
through).<br>
<br>
cheers,<br>
<br>
Philippe<br>
</body>
</html>
["ssl-session.png" (image/png)]
["frame-169.png" (image/png)]
["frame-170.png" (image/png)]
["frame-171.png" (image/png)]
["frame-166.png" (image/png)]
["frame-167.png" (image/png)]
___________________________________________________________________________
Sent via: Wireshark-users mailing list <wireshark-users@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@wireshark.org?subject=unsubscribe