[Wireshark-users] Decrypt SSL fails with testcase SampleCaptures/snakeoil2_070531.tgz

2007-07-16 Thread Daniel Kabs
Hi there,

I just downloaded and compiled[1] Wireshark release 0.99.6 on Linux 
(Debian Etch release 4.0).

Then I tried to decrypt the sample capture of an SSL connection provided 
in the Wireshark wiki:

  http://wiki.wireshark.org/SSL

In the SSL preferences, I specified the RSA private key rsasnakeoil2.key 
which came with the captured data. Additionally I specified a SSL debug 
file.

When I load the capture file rsasnakeoil2.cap into Wireshark and view 
packets that contain Application Data, the data is still encrypted.

The debug file shows that the RSA private key has been loaded:

  ssl_init private key file /home/daniel/mx12/httpd_privkey.pem
  successfully loaded

but according to the debug file Wireshark fails to decrypt the pre master 
secret which is exchanged in frame #8:

  dissect_ssl enter frame #8 (first time)
  ...
  pre master encrypted[128]:
  ...
  ssl_decrypt_pre_master_secret:RSA_private_decrypt
  pcry_private_decrypt: stripping 0 bytes, decr_len 128
  decypted_unstrip_pre_master[128]:
  ...
  ssl_decrypt_pre_master_secret wrong pre_master_secret lenght (128,
  expected 48)
  dissect_ssl3_handshake can't decrypt pre master secret

What can be the reason for too long a pre master secret? Are there any 
other prerequisites I have to do to decrypt SSL successfully? 


Cheers
Daniel


[1] Compiled with GTK+ 2.8.20, with GLib 2.12.4, with libpcap 0.9.5, with 
libz 1.2.3, with libpcre 6.7, without Net-SNMP, without ADNS, without 
Lua, with GnuTLS 1.0.16, with Gcrypt 1.2.3, with MIT Kerberos, without 
PortAudio, without AirPcap.
___
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users
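
Added example, not part of the original message and not Wireshark's code: the RSA-decrypted ClientKeyExchange block is normally PKCS#1 v1.5 type 2 padding followed by a 48-byte pre-master secret, and this Python sketch of that unpadding and length check produces the same numbers as the debug output above (0 bytes stripped, length 128) when the block carries no recognizable padding. The function names, the sample blocks and the 1024-bit modulus size are assumptions constructed for illustration.

```python
# Added illustration (not Wireshark source): EME-PKCS1-v1_5 unpadding of an
# RSA-decrypted ClientKeyExchange block, then the 48-byte length check.
# Meant for offline capture analysis only.
PRE_MASTER_LEN = 48   # TLS: 2-byte client version + 46 random bytes
MODULUS_LEN = 128     # assumed 1024-bit RSA key (128-byte blocks in the log)


def padding_length(block: bytes) -> int:
    """Return the number of leading padding bytes, or 0 if the block is not
    00 02 <at least 8 nonzero bytes> 00 <message>."""
    if len(block) < 11 or block[0] != 0x00 or block[1] != 0x02:
        return 0
    sep = block.find(b"\x00", 2)   # first zero byte ends the padding string
    if sep < 10:                   # not found (-1) or padding shorter than 8
        return 0
    return sep + 1


def recover_pre_master(block: bytes):
    """Return (stripped, secret); secret is None when the length is not 48."""
    # Big-integer libraries may drop the leading 0x00; restore full width.
    block = block.rjust(MODULUS_LEN, b"\x00")
    stripped = padding_length(block)
    payload = block[stripped:]
    if len(payload) != PRE_MASTER_LEN:
        return stripped, None
    return stripped, payload


# Constructed sample data, not taken from the capture file.
SECRET = b"\x03\x01" + bytes(range(1, 47))           # 48 bytes
GOOD = (b"\x00\x02" + b"\xa5" * (MODULUS_LEN - 3 - len(SECRET))
        + b"\x00" + SECRET)                           # well-formed block
BAD = bytes((i * 7 + 3) % 251 + 1 for i in range(MODULUS_LEN))  # no 00 02 header

if __name__ == "__main__":
    for name, blk in (("good", GOOD), ("good, leading zero dropped", GOOD[1:]),
                      ("bad", BAD)):
        stripped, secret = recover_pre_master(blk)
        got = MODULUS_LEN - stripped
        print(f"{name}: stripping {stripped} bytes, pre-master length {got}, "
              f"{'ok' if secret else 'wrong length (expected 48)'}")
```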


Re: [Wireshark-users] Assertion failure proto.c:2902 for SNMP V3 authPriv

2007-07-16 Thread Luis EG Ontanon
Given the fact that you already sent us your passwords could you
first change them and then send me (or the list if the machine is not
reachable from internet) a file with the packet that triggers the bug?

Thanks,
Luis.

On 7/16/07, Rajasankar K [EMAIL PROTECTED] wrote:
 Hi,

 I have version  wireshark-0.99.7-SVN-22293 compiled and installed in Linux 
 myhost 2.6.9-22.ELsmp #1 SMP Mon Sep 19 18:32:14 EDT 2005 i686 i686 i386 
 GNU/Linux. When I try to open a capture file I see the following and cannot 
 see the encrypted contents. The packets have both auth and privacy enabled.

 msgData: encryptedPDU (1)
 encryptedPDU: 0B8B42273BEAF68B62709A135537338FA09223A373C8550D...
 [Dissector bug, protocol SNMP: proto.c:2902: failed assertion tvb != ((void 
 *)0
 ) || *length == 0]

 I have the following entry in ~/.wireshark/snmp_users file.
 80A103122334455667, admin_0016b50a9734, SHA1, TOOLS 
 TEAM,AES,TOOLS
 TEAM


 I can see the same error message for the following bug in bugzilla, [Bug 
 1638] SMB Pipe dissector bug on certain packets. The resolution says 
 it's fixed in SVN 22053. I'm currently using 22293.

 Any clues about this problem?

 -- Raja.





-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan