This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t input SSL decryption parameters in Wireshark 2.1 built from source

0

I created a Wireshark 2.1.0 build on my local machine (Ubuntu 14.04). The problem is that I can't set the SSL private key or session key in the configuration: [screenshot]

Here is the version info on this Wireshark build. Wonder what's wrong here.

Version 2.1.0 (v2.1.0rc0-1613-gfdec865 from master)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.2.1, with libpcap, without POSIX capabilities, without libnl, with libz 1.2.8, with GLib 2.40.2, without SMI, with c-ares 1.10.0, without Lua, without GnuTLS, without Gcrypt, without Kerberos, with GeoIP, without QtMultimedia, without AirPcap.

Running on Linux 3.19.0-33-generic, with locale C, with libpcap version 1.6.2, with libz 1.2.8. Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz (with SSE4.2)

Built using gcc 4.8.4.

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

asked 01 Jun '16, 15:36

pktUser1001
accept rate: 12%

edited 01 Jun '16, 16:12

Guy Harris ♦♦


One Answer:

1

without GnuTLS, without Gcrypt

And, therefore, without the ability to decrypt SSL/TLS.

I'm assuming that you're building Wireshark with the Ubuntu developer packages for various libraries it requires. If so, you'll need to get the developer packages for GnuTLS and Gcrypt and install them, and then re-configure and rebuild, so that you get a version of Wireshark that does have the ability to decrypt SSL/TLS.

And, while we're at it:

without SMI

If you expect to be looking at SNMP traffic, a version built with libsmi would be able to read MIBs and do a better job of parsing SNMP requests and responses.

without Lua

A version built with the Lua library can run Lua scripts as packet dissectors, statistics taps, etc., so it's able to use some third-party tools that a version without Lua can't, and, if you're a Lua programmer, it'd let you write your own tools of that sort.

without Kerberos

Which may get in the way of decrypting some traffic encrypted with the aid of Kerberos.

without QtMultimedia

Which I think is what's used for the audio player for some VoIP protocols.

So you might want to load the appropriate versions of some other developer libraries.

answered 01 Jun '16, 16:08

Guy Harris ♦♦
accept rate: 19%

Thanks Guy for the analysis!

(02 Jun '16, 06:43) pktUser1001