I have an unusual SPDY-based protocol that I'm trying to decode. The session begins by the client making an HTTP GET request to the server. The client then makes itself a SPDY server and the server becomes a SPDY client. This allows the server to request data from the client using normal HTTP requests.

I'd like to decode the SPDY packets in Wireshark. Except for the initial handshake, the rest of the communication is standard SPDY. But when I configure SSL to decode the port as spdy, the packets still appear as SSL. The SSL Record indicates:

And I can see the decrypted SSL data. But it doesn't decode the SPDY packet. If I reconfigure to decode the SSL port as HTTP, then it decodes the initial HTTPS handshake, but the rest of the packets are still listed as SSL.

I'm familiar with dissectors, and am investigating in the source now, but can Wireshark handle switching protocols in the middle of a TLS session?

asked 10 Oct '14, 12:32 Rob Napier
One Answer:
Sounds like Wireshark was not able to decode the SSL/TLS session, maybe because your client/server are using DH/DHE (Diffie-Hellman) ciphers. See also here: https://ask.wireshark.org/questions/37223/wireshark-decryption-limitation

Can you please check this in the SSL debug file?

Regards

answered 21 Oct '14, 07:09 Kurt Knochner ♦