This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark SSL debug log as following:

Wireshark SSL debug log

ssl_association_remove removing TCP 443 - http handle 000000000462E6F0
2665 bytes read
PKCS#12 imported
Bag 0/0: PKCS#8 Encrypted key
Private key imported: KeyID 28:59:c6:a1:a4:4b:97:bf:3e:0e:6f:2a:cb:3a:65:83:...
ssl_load_key: swapping p and q parameters and recomputing u
Bag 1/0: Encrypted
Bag 1/0 decrypted: Certificate
Certificate imported: sut01 <<ERROR>>, KeyID 2859c6a1a44b97bf3e0e6f2acb3a65835727c78e
ssl_init IPv4 addr '192.168.253.1' (192.168.253.1) port '443' filename 'C:\rpcPfxCert.pfx' password(only for p12 file) '123'
ssl_init private key file C:\rpcPfxCert.pfx successfully loaded.
association_add TCP port 443 protocol http handle 000000000462E6F0

dissect_ssl enter frame #1 (first time)
ssl_session_init: initializing ptr 000000000615D9E0 size 688
  conversation = 000000000615D6B8, ssl_session = 000000000615D9E0
  record: offset = 0, reported_length_remaining = 74
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 443 found 000000000868EFF0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 000000000868EFF0
  record: offset = 37, reported_length_remaining = 37
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 443 found 000000000868EFF0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 000000000868EFF0

dissect_ssl enter frame #2 (first time)
  conversation = 000000000615D6B8, ssl_session = 000000000615D9E0
  record: offset = 0, reported_length_remaining = 90
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 32, ssl state 0x10
association_find: TCP port 443 found 000000000868EFF0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 000000000868EFF0
  record: offset = 37, reported_length_remaining = 53
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 48, ssl state 0x10
association_find: TCP port 443 found 000000000868EFF0
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 000000000868EFF0

dissect_ssl enter frame #4 (first time)
ssl_session_init: initializing ptr 000000000615E358 size 688
  conversation = 000000000615E030, ssl_session = 000000000615E358
  record: offset = 0, reported_length_remaining = 261
dissect_ssl3_record found version 0x0301(TLS 1.0) -> state 0x10
dissect_ssl3_record: content_type 23 Application Data
decrypt_ssl3_record: app_data len 256, ssl state 0x10
association_find: TCP port 49571 found 0000000000000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 49571 found 0000000000000000
association_find: TCP port 443 found 000000000868EFF0

asked 30 Jun '14, 01:15

james%20aichi's gravatar image

james aichi
1111
accept rate: 0%

edited 30 Jun '14, 02:02

grahamb's gravatar image

grahamb ♦
19.8k330206


Your capture starts immediately with Application Data records. Since the encryption of TLS packets depends on previously agreed parameters, you cannot decrypt these packets without a prior completed handshake. You will not be able to decrypt this capture.

Try getting a new capture, before actually connecting.

permanent link

answered 30 Jun '14, 02:04

Lekensteyn's gravatar image

Lekensteyn
2.2k3724
accept rate: 30%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×23

question asked: 30 Jun '14, 01:15

question was seen: 7,316 times

last updated: 30 Jun '14, 02:04

p​o​w​e​r​e​d by O​S​Q​A