This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

XMPP decoder

0

Hi! Please, help me!!! I can't decode XMPP packets. It's possible with wireshark? Thanks

asked 16 Mar '14, 19:43

nataap's gravatar image

nataap
1112
accept rate: 0%

edited 16 Mar '14, 20:01

Hadriel's gravatar image

Hadriel
2.7k2939


One Answer:

1

Yes, it decodes XMPP. It assumes the TCP port for it is 5222, so if your server is using a different port you'll need to tell wireshark to decode your particular TCP packets as XMPP by using the "Decode As" feature (either through the Analyze menu, or by right-clicking one of the packets you want it to decode as XMPP). And of course if your XMPP communication is over encrypted SSL/TLS, then wireshark can't decode that unless you give it the key info.

answered 16 Mar '14, 20:04

Hadriel's gravatar image

Hadriel
2.7k2939
accept rate: 18%

Thank you very much! I deactivated SSL/TLS on the OpenFire server and now i can see text of messages!

(17 Mar '14, 09:44) nataap

Where can I the key my client (pidgin) is using? It's likely to be impossible: Unfortunately, this feature can only decrypt traffic that is transport-layer-encryted. If you have any traffic where encryption is implemented in the protocol itself (usually called "STARTTLS"), as with most SMTP or XMPP (Jabber) services, you can not decrypt the traffic like this at the moment.

(23 Oct '14, 16:03) x-yuri