Wireshark-users: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
OK... I worked on this yesterday, and I
think the answer involves text2pcap which can read in hex dumps of packets...
my theory is that decoding the packets and saving them in the interim format
means I can pull them back in. decoded... anyone else think this is possible?
Can anyone confirm this is the right approach?
I think I'm missing the correct switches on the commandline when writing
the packets to a file:
tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list:
127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: ./ssldebug.txt"
-w out.cap
all I get is the encoded packet stream
in the .cap file.
Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology
IS Analyst
http://www.linkedin.com/in/kennethhunt
"deepali goel"
<deepaligoel2003@xxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
11/20/2006 11:45 PM
Please respond to
Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx> |
|
To
| "Community support list for Wireshark"
<wireshark-users@xxxxxxxxxxxxx>
|
cc
|
|
Subject
| Re: [Wireshark-users] saving decoded
ssl packets back to libpcap format |
|
i know the contents of my packet but cant see the packet
flowing in the traffic captured??
On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx>
wrote:
I can open the sample file snakeoil2.tgz in the wiki: http://wiki.wireshark.org/SSL
Is it possible to save the decoded packets back to libpcap format so I
can reopen it with out the SSL settings?
I am using 127.0.0.1,443,http,c:\rsasnakeoil2.key
with the private key in the root of my c drive.
Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology
IS Analyst
The information contained in this e-mail
is for the exclusive use of the intended recipient(s) and may be confidential,
proprietary, and/or legally privileged. Inadvertent disclosure of
this message does not constitute a waiver of any privilege. If you
receive this message in error, please do not directly or indirectly use,
print, copy, forward, or disclose any part of this message. Please
also delete this e-mail and all copies and notify the sender. Thank
you.
For alternate languages please go to http://bayerdisclaimer.bayerweb.com
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users