Wireshark-users: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format
From: Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx>
Date: Tue, 21 Nov 2006 10:22:38 -0500

OK... I worked on this yesterday, and I think the answer involves text2pcap, which can read in hex dumps of packets... My theory is that decoding the packets and saving them in the interim format means I can pull them back in, decoded... Anyone else think this is possible?

Can anyone confirm this is the right approach? I think I'm missing the correct switches on the command line when writing the packets to a file:

tshark -x -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,./rsasnakeoil2.key" -o "ssl.debug_file: ./ssldebug.txt" -w out.cap

All I get is the encoded packet stream in the .cap file.

Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology

IS Analyst

http://www.linkedin.com/in/kennethhunt




"deepali goel" <deepaligoel2003@xxxxxxxxx>
Sent by: wireshark-users-bounces@xxxxxxxxxxxxx
11/20/2006 11:45 PM
Please respond to: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] saving decoded ssl packets back to libpcap format

I know the contents of my packet but can't see the packet flowing in the traffic captured??

On 11/21/06, Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote:

I can open the sample file snakeoil2.tgz in the wiki:
http://wiki.wireshark.org/SSL

Is it possible to save the decoded packets back to libpcap format so I can reopen it without the SSL settings?

I am using
127.0.0.1,443,http,c:\rsasnakeoil2.key with the private key in the root of my C drive.





Kenneth Hunt
Bayer Corporate and Business Services LLC
North America Information Technology

IS Analyst







_______________________________________________
Wireshark-users mailing list

Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
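
The approach proposed in this thread (dump the decoded bytes as hex text, then rebuild a capture from that text) is illustrated below. This is an added example, not code from the thread or from Wireshark: it performs the text2pcap step itself in Python, and it assumes that `tshark -x` labels the decrypted data source `Decrypted SSL data (N bytes):`. The function names, the constructed sample dump and the choice of link type 147 (LINKTYPE_USER0) are assumptions of the example.

```python
import re
import struct

# Assumption: tshark -x labels each data source with a line such as
# "Decrypted SSL data (18 bytes):" when a frame has more than one source.
SECTION = re.compile(r"^(?P<name>\S.*?) \((?P<len>\d+) bytes?\):\s*$")
HEXLINE = re.compile(r"^[0-9a-fA-F]{4,}\s+((?:[0-9a-fA-F]{2} ){1,16})")
LINKTYPE_USER0 = 147  # user-defined link type, chosen for this example

# Constructed sample in the layout of a tshark -x dump (not a real capture).
SAMPLE = """\
Frame (12 bytes):
0000  17 03 01 00 20 9a 4c 11 f0 3b 77 e2              .... .L..;w.

Decrypted SSL data (18 bytes):
0000  47 45 54 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a   GET / HTTP/1.1..
0010  0d 0a                                             ..
"""


def decrypted_payloads(dump_text, wanted="Decrypted SSL data"):
    """Return the bytes of every data source named `wanted`, in dump order."""
    payloads, current = [], None
    for line in dump_text.splitlines():
        header = SECTION.match(line)
        if header:
            # Collect only rows that belong to the wanted data source.
            current = bytearray() if header["name"] == wanted else None
            if current is not None:
                payloads.append(current)
            continue
        row = HEXLINE.match(line)
        if row and current is not None:
            current += bytes.fromhex(row.group(1))
    return [bytes(p) for p in payloads]


def to_pcap(payloads, linktype=LINKTYPE_USER0):
    """Serialise payloads as a little-endian libpcap file (version 2.4)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for seq, data in enumerate(payloads):
        # Timestamps are synthetic: the text dump does not carry them.
        out += struct.pack("<IIII", seq, 0, len(data), len(data)) + data
    return out


if __name__ == "__main__":
    with open("decrypted.pcap", "wb") as fh:
        fh.write(to_pcap(decrypted_payloads(SAMPLE)))
```

The payloads are written without Ethernet/IP/TCP headers, so Wireshark needs its DLT_USER preference for link type 147 set to the payload protocol (http here) to dissect them.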
