This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I've looked around for similar logs, but found no actual solution. Dump was taken using

tcpdump -s 0 -i eth0 -v -w dump.pcap

Log: pastebin Dump: cloudshark

I'm out of ideas what may be wrong, some time earlier it worked as usual, but now it does not.

asked 31 Dec '12, 04:56

Alexey Pelykh

edited 31 Dec '12, 05:26

Kurt Knochner ♦


The only SSL/TLS connections in that capture file are to servers of whatsapp.net. Do you have access to their private key?

If no, then you cannot decrypt those SSL connections. See the SSL wiki:

http://wiki.wireshark.org/SSL

If yes (because you are the WhatsApp CEO or the web server admin), then you have entered the key in the wrong format, hence the following message in the debug file:

ssl_find_private_key can't find private key for this server!

What are you trying to do?

Regards
Kurt


answered 31 Dec '12, 05:35

Kurt Knochner ♦

edited 31 Dec '12, 05:40

Yes, I don't have private key, but the odd thing is:

dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
record: offset = 86, reported_length_remaining = 1374
need_desegmentation: offset = 86, reported_length_remaining = 1374

(31 Dec '12, 05:41) Alexey Pelykh

Yes, I don't have private key,

Then you cannot decrypt SSL, unless you have found a secret bug in the SSL encryption scheme ;-)

An alternative would be to use the '(Pre)-Master-Secret' output by the SSL client (see SSL wiki).

(31 Dec '12, 05:44) Kurt Knochner ♦

Kurt is right, @Alexey. SSL is purposely designed to be unencryptable by a man-in-the-middle, which is what Wireshark is. In absence of the remote site's private key, you would need to have state information generated on the fly within the local program setting up the SSL session. Read more about SSL and you will see why this is the case.

(02 Jan '13, 06:20) Warren Young

Totally agree :) Just over-debugged myself, shame on me :)

(02 Jan '13, 06:39) Alexey Pelykh
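
The state mask in the debug line quoted in the comments above can be decoded to confirm the diagnosis. This is an added example, not part of the original thread and not Wireshark's own code; the bit names and values are an assumption, recalled from Wireshark's SSL dissector header (packet-ssl-utils.h) rather than taken from this page.

```python
import re

# Session-state bits of Wireshark's SSL dissector.
# Assumption: names/values recalled from packet-ssl-utils.h, not shown in the thread.
STATE_BITS = {
    0x01: "client random",
    0x02: "server random",
    0x04: "cipher suite",
    0x08: "session key",
    0x10: "protocol version",
    0x20: "master secret",
    0x40: "pre-master secret",
}

KEYRING_RE = re.compile(
    r"not enough data to generate key "
    r"\(0x([0-9A-Fa-f]+) required 0x([0-9A-Fa-f]+) or 0x([0-9A-Fa-f]+)\)"
)

def names(mask):
    """Human-readable names of the bits set in a state mask."""
    return [name for bit, name in sorted(STATE_BITS.items()) if mask & bit]

def explain_keyring_failure(log_text):
    """One dict per 'not enough data' line: what was seen, what is still missing."""
    findings = []
    for m in KEYRING_RE.finditer(log_text):
        have, *needs = (int(g, 16) for g in m.groups())
        findings.append({
            "have": names(have),
            # each alternative lists the items absent for that decryption path
            "missing_options": [names(need & ~have) for need in needs],
        })
    return findings

# The debug lines quoted in the thread
SAMPLE_LOG = """\
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
"""

if __name__ == "__main__":
    for f in explain_keyring_failure(SAMPLE_LOG):
        print("seen in capture:", ", ".join(f["have"]))
        for opt in f["missing_options"]:
            print("would need:", ", ".join(opt))
```

For the thread's log line this reports that every handshake parameter was captured and only the master secret or the pre-master secret is absent, which is the piece the server's private key or the client's secret output would have to supply.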