Hi, I am trying to open a file which has TLS handshake messages and then further data. My intention was to decrypt the TLS data. Our data is directly below TCP, like (TCP--TLS--data). Steps followed:
I am using version 1.0.15 with GnuTLS 1.4.1 and Gcrypt 1.4.4. This is the command I used:

[[email protected] ~]# tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list:127.0.0.1,4444,http,/home/amanimar/openssl/device.key" -o "ssl.debug_file:/root/ssl.log" tcp port 4444 -w /root/packet.pcap

Please help.

asked 23 May '16, 06:22 dhanish, edited 23 May '16, 23:32
Below is the ssl.log:

cat ssl.log
ssl_init keys string: 127.0.0.1,4444,http,/home/amanimar/openssl/device.key
ssl_init found host entry 127.0.0.1,4444,http,/home/amanimar/openssl/device.key
ssl_init addr '127.0.0.1' port '4444' filename '/home/amanimar/openssl/device.key' password(only for p12 file) '(null)'
Private key imported: KeyID 83:33:D6:6E:68:A3:76:09:1E:C4:D9:DE:41:3A:AA:95:...
ssl_init private key file /home/amanimar/openssl/device.key successfully loaded
association_add TCP port 4444 protocol http handle 0x2b48f5246c40
association_find: TCP port 993 found 0x2b48f5a205b0
ssl_association_remove removing TCP 993 - imap handle 0x2b48f5265350
association_add TCP port 993 protocol imap handle 0x2b48f5265350
association_find: TCP port 995 found 0x2b48f5a20620
ssl_association_remove removing TCP 995 - pop handle 0x2b48f53e3160
association_add TCP port 995 protocol pop handle 0x2b48f53e3160
[[email protected] ~]#
Your comment has been edited to use the correct format for code or text output to make it easier to read.