Wireshark-dev: [Wireshark-dev] packet-ssl bug(s)?
From: "Maynard, Chris" <Christopher.Maynard@xxxxxxxxx>
Date: Wed, 30 Aug 2006 01:18:31 -0400
Since SSL decryption is now supposed to be supported on the Windows installer, I thought I would try out the "snakeoil2" example posted at http://wiki.wireshark.org/SSL.

First, I set the RSA keys list as specified - well, almost as specified. The wiki says the file name is snakeoil2.key, but it actually extracts as rsasnakeoil2.key.

Next, I opened the rsasnakeoil2.cap file. At first glance, things look pretty good. For example, if you select Frame #11, the Info column shows "GET / HTTP/1.1", and the packet details pane contains a separate tree for "Hypertext Transfer Protocol", which can be expanded to show the decrypted details. Nice. However, if you look at Frame #31, for example, the Info column displays "GET /icons/debian/openlogo-25.jpg HTTP/1.1", but the packet details pane doesn't actually display the decrypted data.

Continuing, I then applied an ssl display filter. At this point, things seemed to go horribly wrong. Frame #11 still seemed OK at this point, but most frames, including Frame #31, now showed only "Application Data" in the Info column where more useful text was once shown. What's even weirder to me is that when you clear the ssl display filter, the Info column still displays just "Application Data" rather than reverting back to the original text.

It gets even worse. If you merely close the file, reopen it, then look at Frame #11, its Info column still displays the correct text, but now the HTTP decrypted data no longer appears. Applying the ssl filter and then clearing it now affects Frame #11 the same as all the other frames. Basically, you have to exit Wireshark and then restart it to ever have that frame decrypted again.

On the Windows PC, I tried the example using Wireshark SVN version 19082. I also tried this with Wireshark 0.99.3 running on Linux Fedora Core 4 and had the same results.

Regards,
Chris