Hi Lukasz,

I have tested the cifs-utils package from bionic-proposed and was able to
decrypt the Wireshark traces.
Verification steps:
1) Start TCPDUMP on port 445.
2) Mount a file share.
3) Use smbinfo keys to get the session ID and key.
4) Do some IO on the file share.
5) Stop TCPDUMP and open the pcap file in Wireshark.
6) Copy the session ID and key into the preferences section of the SMB2 protocol.

smbinfo keys output:
sudo smbinfo keys /mnt/rohith/test.txt
SMB3.0 CCM encryption
Session Id:   09 02 00 ec 04 60 b0 83
Session Key:  15 b2 1f b0 41 ff fd 58 36 53 fa cd df d1 97 4b
Server Encryption Key:  80 0e 28 bc 13 02 2c 7a 7d 55 b1 33 22 43 03 8e
Server Decryption Key:  5f 92 26 87 b4 f8 08 da 41 88 f7 cd 95 e0 a9 25

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1886551

Title:
   wireshark trace decryption
