The packets are encrypted, so I’m using the Wireshark
SSL to decode them. They have given me several files that they believe to be
the SSL key. One file with a “cer” extension, one with a
“pfx” extension. Then a third file, when I open it, looks very much
like the rsasnakeoil2.key that we used in Wireshark University class. So
I’ve tried all three with no success. Here is a screen shot of how I have
it set up within Wireshark. As you can see I renamed the file and added the key
extension.
For some reason after installing
the key it doesn’t decode the encrypted detail within the packet. Someone
also suggested that the key needs to be in a particular type or format.
Doing a little more research,
I’ve discovered that the trace file contains SSL TLS v1. I have read that
SSL TLS V 2 and SSL TLS V 3 are supported, but nothing about SSL TLS V1. Could
this be the problem?
Ray Tompkins
ANALYSIS SOLUTION
www.analysissolution.com
832 643 5871