Wireshark-users: Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis
From: VJ Thinker <vjatfugen@xxxxxxxxx>
Date: Thu, 8 Mar 2007 10:56:21 -0800 (PST)
Hi Kenneth,
Thanks for the follow-up note and additional pointers. The point is that there is only one relevant private key in all of these transactions (the Server1 web-server private key). Also, even though there is communication between two servers, in reality one of the servers (i.e. Server2) is acting as a HTTPS client to the other (i.e. the web server on Server1).
Our fundamental question is: Can we depend on 'tshark' to perform the SSL decryption given our series of steps or is that something too much to expect?
Best regards,
Vijay
Kenneth Hunt <kenneth.hunt.b@xxxxxxxxx> wrote:
Verify that your private keys are valid on all tiers... isolate the transaction:
4. Server1 -> Server2 (response to request in Step 3).
Capture just this traffic -- without examining your capture indetail I am assuming that the keys are either not valid on server2, or that you are missing the server to server handshake. The only commercial program I have experience with is OPNET ITguru and it uses wireshark as its backend so this is all the same area.
If you are missing the server to server handshake you may need to force the handshake to reoccur, is this a production server?
There is more info on the handshake process here: http://docs.sun.com/source/816-6704-10/ssl_overview.html#13602
I am reading your description of the steps as this is inter server communication, is that what happens or is this still going back to the client?
You might want to find a copy of Wireshark & Ethereal Network Protocol Analyzer Toolkit:
I see amazon has 5 copies in stock right now. http://www.amazon.com/exec/obidos/ASIN/1597490733/techobserver-20
Kenneth
The information contained in this e-mail is for the exclusive use of the intended recipient(s) and may be confidential, proprietary, and/or legally privileged. Inadvertent disclosure of this message does not constitute a waiver of any privilege. If you receive this message in error, please do not directly or indirectly use, print, copy, forward, or disclose any part of this message. Please also delete this e-mail and all copies and notify the sender. Thank you.
For alternate languages please go to http://bayerdisclaimer.bayerweb.com
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Looking for earth-friendly autos?
Browse Top Cars by "Green Rating" at Yahoo! Autos' Green Center.
- References:
- Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis
- From: Kenneth Hunt
- Prev by Date: Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis
- Next by Date: [Wireshark-users] Help installing 0.99.5
- Previous by thread: Re: [Wireshark-users] Help with SSL Traffic decrypt / Analysis
- Next by thread: Re: [Wireshark-users] FW: [tcpdump-workers] Help on Ethernet Size
- Index(es):