Hello,

I'm using Wireshark 1.6.8 and I'm trying to decode FIX traffic over TLSv1. In the SSL Decrypt dialog we fill in <-ip-> <-port-> <-FIX-> <-path\to\key->, but after clicking OK the following error appears:

"error in column 'Protocol': Could not find dissector for: 'FIX'"

The same problem occurs when we write <-fix-> in place of <-FIX->.

Thanks for help.

Sha

asked 02 May '13, 09:44 Brill, edited 02 May '13, 16:33
One Answer:
Unfortunately decrypting FIX SSL/TLS messages is not (yet) implemented. If you try to add an SSL key for FIX (or fix) in Wireshark 1.9.2, you will get the list of allowed dissectors.
These dissectors call ssl_dissector_add() during their initialization. The FIX dissector does not do that and thus you get that error message. If you need/want that feature, please file an enhancement bug at https://bugs.wireshark.org with a reference to this question.

Regards

answered 02 May '13, 18:24 Kurt Knochner ♦
Kurt
Thank you for the information
Is there any other way to decrypt protocols that aren't on the list above?
Sha
As there is no 'general' way to decrypt SSL/TLS when used within another protocol, you need a special tool that is able to decrypt the FIX protocol. I have not checked how FIX uses SSL/TLS. Can you add some information about that?
You can always use "data" as protocol in the SSL keys list; this will just decrypt the traffic and show the decrypted hex data, without any further interpretation.
Ah, nice! One new thing learned for today ;-)
Bug 8625 was opened for this.
I don't really know how SSL encrypts FIX data. Need to investigate that...
Thanks for help and solutions
Shalom
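
Added example (not part of the original thread and not Wireshark code): once the stream has been decrypted with "data" as the protocol, the raw bytes can be interpreted as FIX offline. This Python example splits a decrypted byte stream into FIX tag=value messages and checks BodyLength (tag 9) and CheckSum (tag 10); the function names and the sample messages are constructed for illustration.

```python
SOH = b"\x01"  # FIX field delimiter

def build_fix(fields, begin=b"FIX.4.2"):
    """Build a constructed sample message with correct BodyLength and CheckSum."""
    body = b"".join(b"%d=%s\x01" % (tag, val) for tag, val in fields)
    head = b"8=" + begin + SOH + b"9=%d" % len(body) + SOH
    return head + body + b"10=%03d" % (sum(head + body) % 256) + SOH

def parse_fix_stream(data):
    """Split a decrypted byte stream into FIX messages.
    Returns a list of (fields, checksum_ok); fields is a list of (tag, value)."""
    msgs, pos = [], 0
    while (start := data.find(b"8=FIX", pos)) >= 0:
        try:
            begin_end = data.index(SOH, start)
            if data[begin_end + 1:begin_end + 3] != b"9=":
                pos = start + 1          # not a real header, resync
                continue
            len_end = data.index(SOH, begin_end + 1)
            body_end = len_end + 1 + int(data[begin_end + 3:len_end])
        except ValueError:
            break                        # header truncated or BodyLength not numeric
        trailer = data[body_end:body_end + 7]   # expected: b"10=NNN\x01"
        if len(trailer) < 7:
            break                        # rest of the message is in a later TLS record
        if trailer[:3] != b"10=" or not trailer[3:6].isdigit() or trailer[6:] != SOH:
            pos = start + 1              # BodyLength did not lead to a trailer
            continue
        ok = int(trailer[3:6]) == sum(data[start:body_end]) % 256
        raw = data[start:body_end + 6].split(SOH)
        fields = [(t.decode("latin-1"), v.decode("latin-1"))
                  for t, _, v in (f.partition(b"=") for f in raw)]
        msgs.append((fields, ok))
        pos = body_end + 7
    return msgs

def parse_hex_dump(hex_text):
    """Accept hex text of the decrypted 'data' bytes (whitespace is ignored)."""
    return parse_fix_stream(bytes.fromhex(hex_text))

# Constructed sample: a Logon (35=A) followed by a Heartbeat (35=0).
SAMPLE = build_fix([(35, b"A"), (49, b"CLIENT"), (56, b"SERVER"), (34, b"1"),
                    (98, b"0"), (108, b"30")]) + \
         build_fix([(35, b"0"), (49, b"CLIENT"), (56, b"SERVER"), (34, b"2")])

if __name__ == "__main__":
    for fields, ok in parse_hex_dump(SAMPLE.hex()):
        print("checksum ok" if ok else "CHECKSUM BAD", fields)
```

A failed checksum on otherwise well-formed messages usually means the decrypted bytes were copied incompletely or the stream was reassembled out of order.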