This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

cannot decrypt Fix protocol over SSL

0

Hello

Im using wireshark 1.6.8

Im tring to decode FIX traffic over TLSV1

So, On the SSL Decrypt dialog we fill the

<-ip->

<-port->

<-FIX->

<-path\to\key->

But after clicking on ok , we get the following error appear

"error in column 'Protocol': Could not find dissector for: 'FIX'"

the same problem also when we write <-fix-> in place of <-FIX->

Thanks for help. Sha

This question is marked "community wiki".

asked 02 May '13, 09:44

Brill's gravatar image

Brill
11114
accept rate: 0%

edited 02 May '13, 16:33


One Answer:

1

Unfortunately decrypting FIX SSL/TLS messages is not (yet) implemented. If you try to add an SSL key for FIX (or fix) in Wireshark 1.9.2, you will get the list of allowed dissectors.

error in column 'Protocol': Could not find dissector for: 'fix'
Valid dissectors are:
'http' TCP 443
'smtp' TCP 465
'ldap' TCP 636
'imap' TCP 993
'pop' TCP 995
'q931.tpkt' TCP 1300
'skinny' TCP 2443
'http' TCP 4433
'sip.tcp' TCP 5061

These dissectors call ssl_dissector_add() during their initialization. The FIX dissector does not do that and thus you get that error message.

If you need/want that feature, please file an enhancement bug at https://bugs.wireshark.org with a reference to this question.

Regards
Kurt

answered 02 May '13, 18:24

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Kurt

Thank you for the information

Is there any other way to decrypt protocol that arent on the list above ?

Sha

(03 May '13, 01:10) Brill

Is there any other way to decrypt protocol that arent on the list above ?

As there is no 'general' way to decrypt SSL/TLS when used within another protocol, you need a special tool that is able to decrypt the FIX protocol. I have not check how FIX uses SSL/TLS. Can you add some information about that?

(03 May '13, 03:07) Kurt Knochner ♦

You can always use "data" as protocol in the SSL keys list, this will just decrypt the traffic and show the decrypted hex data, wthout any further interpretation.

(03 May '13, 03:11) SYN-bit ♦♦

Ah, nice! One new thing learned for today ;-)

(03 May '13, 03:17) Kurt Knochner ♦

Bug 8625 was opened for this.

(03 May '13, 06:27) JeffMorriss ♦

I dont really know how ssl encrypt fix data. Need to investigate that...

Thanks for help and solutions

Shalom

(04 May '13, 15:14) Brill
showing 5 of 6 show 1 more comments