Hi Ken,
   
      Let us know if your exercise is successful since I think there are other 
users who would be interested in the same functionality.
   
      I doubt that you can use the text2pcap utility, since it does not appear 
to support decryption.  The key point here is that 'wireshark' or 'tshark' can 
decrypt SSL traffic (using the server private key).  So, I have looked into the 
option of adding '-T pdml' as a command argument to 'tshark'.
   
      I do see the result, but still have to execute additional steps (such as 
ASCII /HEX decoding) to get the final result.  Perhaps we can use text2pcap 
program for this purpose, I have not looked deep into this.  However, I think 
you are looking for a one-step process for achieving the result which I don't 
think exists as of yet (a nice-to-have feature :).
   
      Kind regards,
   
  Vijay
  

Kenneth Hunt <[EMAIL PROTECTED]> wrote:
  
OK... I worked on this yesterday, and I think the answer involves text2pcap 
which can read in hex dumps of packets... my theory is that decoding the 
packets and saving them in the interim format means I can pull them back in 
decoded... anyone else think this is possible? 

Can anyone confirm this is the right approach? I think I'm missing the correct 
switches on the commandline when writing the packets to a file: 

tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: ./ssldebug.txt" -w out.cap 

all I get is the encoded packet stream in the .cap file. 

Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology 
IS Analyst 
http://www.linkedin.com/in/kennethhunt
  
---------------------------------
  


From: "deepali goel" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 11/20/2006 11:45 PM
Please respond to: Community support list for Wireshark <[email protected]>
To: "Community support list for Wireshark" <[email protected]>
Subject: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format



I know the contents of my packet but can't see the packet flowing in the traffic 
captured??

On 11/21/06, Kenneth Hunt <[EMAIL PROTECTED]> wrote: 

I can open the sample file snakeoil2.tgz  in the wiki: 
http://wiki.wireshark.org/SSL 

Is it possible to save the decoded packets back to libpcap format so I can 
reopen it without the SSL settings? 
I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key with the private key in the 
root of my c drive. 




  
---------------------------------
  Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology 
IS Analyst
_______________________________________________
Wireshark-users mailing list
[email protected] 
http://www.wireshark.org/mailman/listinfo/wireshark-users
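
Added example, not part of the original thread and not Wireshark project code: the manual step discussed above, taking `tshark -T pdml` output, hex-decoding the `value` attributes of the decrypted layer, and writing an offset-prefixed hex dump of the kind text2pcap reads. The PDML fragment is constructed and simplified, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified PDML fragment (not real tshark output): the first
# packet has an HTTP layer dissected from the decrypted SSL record, the
# second packet has no decrypted layer at all.
SAMPLE_PDML = """<pdml>
 <packet>
  <proto name="tcp"><field name="tcp.dstport" show="443" value="01bb"/></proto>
  <proto name="ssl"><field name="ssl.record.content_type" show="23" value="17"/></proto>
  <proto name="http">
   <field name="" show="GET / HTTP/1.1" value="474554202f20485454502f312e310d0a"/>
   <field name="http.host" show="localhost" value="486f73743a206c6f63616c686f73740d0a"/>
  </proto>
 </packet>
 <packet>
  <proto name="tcp"><field name="tcp.dstport" show="443" value="01bb"/></proto>
 </packet>
</pdml>"""


def decrypted_payloads(pdml_text, proto="http"):
    """Return one bytes object per packet that carries a <proto name=proto> layer."""
    payloads = []
    for packet in ET.fromstring(pdml_text).iter("packet"):
        chunks = []
        for layer in packet.findall("proto"):
            if layer.get("name") != proto:
                continue
            # Direct children only: nested fields repeat bytes of their parent.
            for field in layer.findall("field"):
                value = field.get("value")
                if value:  # fields without raw bytes have no value attribute
                    chunks.append(bytes.fromhex(value))
        if chunks:
            payloads.append(b"".join(chunks))
    return payloads


def to_text2pcap_hexdump(payload, width=16):
    """Format bytes as 'offset byte byte ...' lines, one packet per dump."""
    lines = []
    for off in range(0, len(payload), width):
        row = payload[off:off + width]
        lines.append("%06x %s" % (off, " ".join("%02x" % b for b in row)))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for data in decrypted_payloads(SAMPLE_PDML):
        print(to_text2pcap_hexdump(data))
```

The dump carries only the decrypted application payload, so the link, IP and TCP headers of the original capture are not reproduced in it.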