Wireshark · Wireshark-dev: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin

Wireshark-dev: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin

From: Martin Warnes <martin@xxxxxxxxxxxxxxxxx>

Date: Fri, 12 Jan 2007 19:19:59 +0000

We carry SSL within the Connect:Direct file transfer protocol:

0000   00 00 03 04 00 00 00 50 ba da b4 6c 00 00 08 00  .......P...l....
0010   45 00 00 51 0e 48 40 00 40 06 aa be c0 a8 00 28  E..Q.H@.@......(
0020   c0 a8 00 28 05 54 86 0b 35 13 e0 4d 35 3a 86 3d  ...(.T..5..M5:.=
0030   80 18 20 00 81 e4 00 00 01 01 08 0a 09 53 d3 f3  .. ..........S..
0040   09 53 d3 f3 54 43 50 32 00 02 00 10 00 00 00 09  .S..TCP2........
0050   80 00 00 00 38 00 00 00 16 03 01 00 04 0e 00 00  ....8...........

0060 00

The Connect:Direct protocol in this case is just a header record:

		54 43 50 32 00 02 00 10 00 00 00 09  .S..TCP2........
0050   80 00 00 00 38 00 00 00

and the SSL payload:

		16 03 01 00 04 0e 00 00  ....8...........

0060 00

Regards .. Martin

Stephen Fisher wrote the following on 12/01/2007 19:10:

On Fri, Jan 12, 2007 at 06:50:31PM +0000, Martin Warnes wrote:
Checking the SSL preferences I had an entry for RSA keys list;127.0.0.1,1364,tls,c:\ssltest.key which specified this port so it wascorrectly attempting to dissect this packet as SSL after all.
It sounds like you are trying to dissect SSL/TLS within SSL/TLS. Thedissector is called "ssl" instead of "tls" used above.
My follow-up question would be; Is it possible to follow the SSLstream when the SSL data is embedded in another protocol? This wouldbe a very useful feature for what I'm working on.
What other protocol would SSL be embedded in?


Steve
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev
��������������������������������������������jy�u�����U����2�צ�m�����rV�j��z�b��,�	ڶ�޲V���]jם�Z�%���_����m4



----------------------------------------------------------
Scanned by ClamAV antivirus system - http://www.clamav.net
Virus signatures last updated: Fri Jan 12 18:33:21 2007

Follow-Ups:
- Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
  - From: Stephen Fisher

References:
- [Wireshark-dev] SSL dissector conflicting with dissector plugin
  - From: Martin Warnes
- Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
  - From: Martin Warnes
- Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
  - From: Stephen Fisher

Prev by Date: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
Next by Date: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
Previous by thread: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
Next by thread: Re: [Wireshark-dev] SSL dissector conflicting with dissector plugin
Index(es):
- Date
- Thread