This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi everyone,

Wireshark will not decrypt a DTLS capture, even when using the sample capture and private key provided in http://wiki.wireshark.org/DTLS (SampleCaptures/snakeoil.tgz).

My log file is shown below. Any help is greatly appreciated!

Private key imported: KeyID dd:29:74:15:7b:e6:76:47:f5:f0:68:3e:8a:55:61:62:...
ssl_init IPv4 addr '127.0.0.1' (127.0.0.1) port '4433' filename 'c:\snakeoil-rsa.key' password(only for p12 file) ''
ssl_init private key file c:\snakeoil-rsa.key successfully loaded.
association_add UDP port 4433 protocol http handle 03F07738
ssl_session_init: initializing ptr 0511187C size 588
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls server 127.0.0.1:4433
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 106, ssl state 0
decrypt_dtls_record: no session key
dissect_dtls_hnd_hello_common found random state 1
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 15, ssl state 11
decrypt_dtls_record: no session key
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 106, ssl state 11
decrypt_dtls_record: no session key
dissect_dtls_hnd_hello_common found random state 11
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 82, ssl state 11
decrypt_dtls_record: no session key
dissect_dtls_hnd_hello_common found random state 13
dissect_dtls_hnd_srv_hello found cipher 35, state 17
dissect_dtls_hnd_srv_hello not enough data to generate key (required state 37)
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 844, ssl state 17
decrypt_dtls_record: no session key
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 12, ssl state 17
decrypt_dtls_record: no session key
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 140, ssl state 17
decrypt_dtls_record: no session key
dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state 17
pre master encrypted[128]:
7c bc c8 94 6c 2e ef 41 70 73 86 76 93 49 e4 d0 
c4 68 d2 25 ef 1a 77 fa a3 cc 26 e4 af bf 33 b4 
6d a3 c4 1a f5 75 77 15 8a c2 01 50 3b bb f9 0b 
83 f5 38 cf ec a5 28 02 6b 72 b0 ac 91 1c 21 ed 
57 5e 5a b5 80 5b 31 fd 67 36 15 ca d5 e7 1b f6 
af 85 f6 67 f0 05 80 1c 26 d6 f7 78 39 8d 41 d6 
ed 68 46 bf 49 1d de a5 09 40 e9 29 72 ba 87 de 
a1 9c a3 59 ff c6 da 42 92 4c 47 a7 58 9d 0f 84 
ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: can't decrypt key:Invalid object
ssl_decrypt_pre_master_secret wrong pre_master_secret length (0, expected 48)
dissect_dtls_handshake can't decrypt pre master secret
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 20
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 64, ssl state 17
decrypt_dtls_record: no session key
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 20
association_find: UDP port 4433 found 05F92B20
packet_from_server: is from server - TRUE
dissect_dtls_record: content_type 22
decrypt_dtls_record: app_data len 64, ssl state 17
decrypt_dtls_record: no session key
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 23
decrypt_dtls_record: app_data len 48, ssl state 17
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
decrypt_dtls_record: using client decoder
decrypt_dtls_record: allocating 80 bytes for decrypt data (old len 32)
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
dissect_dtls_record: content_type 23
decrypt_dtls_record: app_data len 48, ssl state 17
association_find: UDP port 33192 found 00000000
packet_from_server: is from server - FALSE
decrypt_dtls_record: using client decoder
association_find: UDP port 33192

Thanks,

Gene

asked 13 Jan '12, 09:20
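
An added example (not part of the original post and not Wireshark code) for triaging a debug log like the one above: it reads the `state` values as hexadecimal bit flags and reports which flag is still missing when decryption stops, along with the failure lines. The flag names and values are assumptions based on Wireshark's SSL dissector of that period; the sample is an excerpt of the log in the question.

```python
import re

# Assumed flag values (Wireshark SSL dissector of that era); the log prints state in hex.
STATE_FLAGS = {0x01: "CLIENT_RANDOM", 0x02: "SERVER_RANDOM", 0x04: "CIPHER",
               0x08: "HAVE_SESSION_KEY", 0x10: "VERSION", 0x20: "MASTER_SECRET"}

# Excerpt of the debug log posted in the question.
SAMPLE_LOG = """\
dissect_dtls_hnd_hello_common found random state 13
dissect_dtls_hnd_srv_hello found cipher 35, state 17
dissect_dtls_hnd_srv_hello not enough data to generate key (required state 37)
dissect_dtls_handshake found SSL_HND_CLIENT_KEY_EXCHG, state 17
ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: can't decrypt key:Invalid object
ssl_decrypt_pre_master_secret wrong pre_master_secret length (0, expected 48)
dissect_dtls_handshake can't decrypt pre master secret
decrypt_dtls_record: app_data len 64, ssl state 17
decrypt_dtls_record: no session key
"""

def decode_state(value):
    """Return the names of the flags set in a state bitmask."""
    return [name for bit, name in sorted(STATE_FLAGS.items()) if value & bit]

def triage(log_text):
    """Report the last state reached, the flags still missing, and failure lines."""
    last, required, findings = 0, None, []
    for line in log_text.splitlines():
        m = re.search(r"\(required state ([0-9A-Fa-f]+)\)", line)
        if m:
            required = int(m.group(1), 16)
            continue
        m = re.search(r"\bstate ([0-9A-Fa-f]+)\s*$", line)
        if m:
            last = int(m.group(1), 16)
        if "can't decrypt key" in line:
            findings.append("private-key decryption of the pre-master secret failed")
        m = re.search(r"wrong pre_master_secret length \((\d+), expected (\d+)\)", line)
        if m:
            findings.append(f"pre-master secret is {m.group(1)} bytes, expected {m.group(2)}")
    missing = decode_state(required & ~last) if required is not None else []
    return {"reached": decode_state(last), "missing": missing, "findings": findings}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On this excerpt the only missing flag is `MASTER_SECRET`, which matches the failed pre-master secret decryption a few lines earlier in the log.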



It is working now (tested on Version 1.7.1-SVN-41356 (SVN Rev 41356 from /trunk)). Thanks to all involved for fixing this!

-Gene


answered 13 Apr '12, 14:11
