I tried to decrypt RTP data over TCP in Wireshark. Though in the debug logs I'm getting decrypted fragments like the following,
dissect_ssl enter frame #102 (already visited)
conversation = 05666758, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 101
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 23500 found 00000000
association_find: TCP port 443 found 04D24DD8
dissect_ssl3_record decrypted len 69
decrypted app data fragment: ....
dissect_ssl enter frame #104 (already visited)
conversation = 05666758, ssl_session = 00000000
record: offset = 0, reported_length_remaining = 101
dissect_ssl3_record: content_type 23 Application Data
association_find: TCP port 23500 found 00000000
association_find: TCP port 443 found 04D24DD8
dissect_ssl3_record decrypted len 69
decrypted app data fragment: ....
dissect_ssl3_record found association 04D24DD8
I can see only encrypted packets in wireshark...
Anything i'm missing? Thanks in advance
asked 17 May '13, 03:27
Kalai
16●5●5●10
accept rate: 0%
edited 17 May '13, 07:52
Jaap ♦
11.7k●16●101
How do you know this is RTP over TCP, what profile is used to provide the framing for RTP on this stream based transport?
I'm only transferring encrypted RTP from the client side over SSL using DHE suite.I tried to decrypt the data in wireshark but I coudn't...