This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello

Im using wireshark 1.6.8

Im tring to decode FIX traffic over TLSV1

So, On the SSL Decrypt dialog we fill the

<-ip->

<-port->

<-FIX->

<-path\to\key->

But after clicking on ok , we get the following error appear

"error in column 'Protocol': Could not find dissector for: 'FIX'"

the same problem also when we write <-fix-> in place of <-FIX->

Thanks for help. Sha

This question is marked "community wiki".

asked 02 May '13, 09:44

Brill's gravatar image

Brill
11114
accept rate: 0%

edited 02 May '13, 16:33


Unfortunately decrypting FIX SSL/TLS messages is not (yet) implemented. If you try to add an SSL key for FIX (or fix) in Wireshark 1.9.2, you will get the list of allowed dissectors.

error in column 'Protocol': Could not find dissector for: 'fix'
Valid dissectors are:
'http' TCP 443
'smtp' TCP 465
'ldap' TCP 636
'imap' TCP 993
'pop' TCP 995
'q931.tpkt' TCP 1300
'skinny' TCP 2443
'http' TCP 4433
'sip.tcp' TCP 5061

These dissectors call ssl_dissector_add() during their initialization. The FIX dissector does not do that and thus you get that error message.

If you need/want that feature, please file an enhancement bug at https://bugs.wireshark.org with a reference to this question.

Regards
Kurt

permanent link

answered 02 May '13, 18:24

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Kurt

Thank you for the information

Is there any other way to decrypt protocol that arent on the list above ?

Sha

(03 May '13, 01:10) Brill

Is there any other way to decrypt protocol that arent on the list above ?

As there is no 'general' way to decrypt SSL/TLS when used within another protocol, you need a special tool that is able to decrypt the FIX protocol. I have not check how FIX uses SSL/TLS. Can you add some information about that?

(03 May '13, 03:07) Kurt Knochner ♦

You can always use "data" as protocol in the SSL keys list, this will just decrypt the traffic and show the decrypted hex data, wthout any further interpretation.

(03 May '13, 03:11) SYN-bit ♦♦

Ah, nice! One new thing learned for today ;-)

(03 May '13, 03:17) Kurt Knochner ♦

Bug 8625 was opened for this.

(03 May '13, 06:27) JeffMorriss ♦

I dont really know how ssl encrypt fix data. Need to investigate that...

Thanks for help and solutions

Shalom

(04 May '13, 15:14) Brill
showing 5 of 6 show 1 more comments
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×319
×14

question asked: 02 May '13, 09:44

question was seen: 6,952 times

last updated: 04 May '13, 19:18

p​o​w​e​r​e​d by O​S​Q​A