This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello.

I am using Wireshark 2.0.0 to debug an embedded system that uses DTLS to offload sensitive data with a custom protocol to a PC over WiFi/UDP. OpenSSL 1.0.2 is in use on both ends and the cipher suite is RSA-AES128-SHA. It took me several hours today to figure out that having the client send its certificate to the server (as well as the usual server-to-client exchange) was confusing the decrypting dissector, which seems only capable of sniffing out the master key if the server behaves like a regular TLS-enabled web server or something. Oookay...no problem...I turned the client certificate presentation off and now I can see my packets beautifully decompressed and deciphered IN THE DTLS DISSECTOR'S DEBUG LOG.

BUT, of course, I'd like to see cleartext of each packet with each packet in the GUI. I notice that before I started trying to decrypt DTLS, my post-handshake packets were all labeled "Application Data" -- now, with the decryption in place, they are all labeled "Continuation Data." Looking at the dissector source, it appears that's what it does when it can't classify a DTLS packet (?). This makes sense as the DTLS section for a packet in the GUI now only shows the topmost level DTLS information (packet type number, length, sequence number), whereas before it would show the "encrypted data" as well.

So my question is, how do I get the packet cleartext and stats into the GUI, or, failing that, at least correlate the info now in the debug log with the packet trace? Is there some magic I can do with "Decode as..." to force this? Is my setup borked? Or is the dissector currently incapable of handling app data payloads that are custom and weird to it?

Thanks.

asked 16 Dec '15, 22:38

PatchyFog
