Wireshark-users: [Wireshark-users] Can wireshark decrypt PEAP
From: "Yakan, Medhat" <medhat.yakan@xxxxxxxxxxxxx>
Date: Wed, 30 Jan 2008 14:32:42 -0800
I am trying to get Wireshark to decrypt the SSL encrypted application data in the PEAP phase 2 exchange, but no luck using the SSL dissector. Any feedback is appreciated. Here are the contents of my SSL debug file.

ssl_association_remove removing TCP 8812 - radius handle 02DDC2A8
ssl_init keys string: 192.168.10.44,8812,RADIUS,c:\temp\serverkey.key
ssl_init found host entry 192.168.10.44,8812,RADIUS,c:\temp\serverkey.key
ssl_init addr 192.168.10.44 port 8812 filename c:\temp\serverkey.key
ssl_init private key file c:\temp\serverkey.key successfully loaded
association_add TCP port 8812 protocol RADIUS handle 00000000
association_add could not find handle for protocol 'RADIUS', try to find 'data' dissector
association_find: TCP port 636 found 06979E48
ssl_association_remove removing TCP 636 - ldap handle 02D45C10
association_add TCP port 636 protocol ldap handle 02D45C10
association_find: TCP port 993 found 06979E88
ssl_association_remove removing TCP 993 - imap handle 02C38638
association_add TCP port 993 protocol imap handle 02C38638
association_find: TCP port 995 found 06979EC8
ssl_association_remove removing TCP 995 - pop handle 02DB6D90
association_add TCP port 995 protocol pop handle 02DB6D90
dissect_ssl enter frame #5 (first time)
ssl_session_init: initializing ptr 078A18F8 size 564
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 192.168.10.44:8812
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 67 ssl, state 0x00
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 63 bytes, remaining 72
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01
dissect_ssl enter frame #8 (first time)
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 42 ssl, state 0x11
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 38 bytes, remaining 47
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
ssl_restore_session can't find stored session
dissect_ssl3_hnd_srv_hello found CIPHER 0x0016 -> state 0x17
dissect_ssl3_hnd_srv_hello not enough data to generate key (required 0x37)
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 566 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 52 length 562 bytes, remaining 618
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 397 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 623 length 393 bytes, remaining 1020
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 4 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 1025 length 0 bytes, remaining 1029
dissect_ssl enter frame #9 (first time)
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 134 ssl, state 0x17
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
dissect_ssl3_handshake found SSL_HND_CLIENT_KEY_EXCHG state 0x17
ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16)
dissect_ssl3_handshake can't decrypt pre master secret
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 40 ssl, state 0x17
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 90 offset 150 length 14195706 bytes, remaining 190
dissect_ssl enter frame #10 (first time)
dissect_ssl3_record: content_type 20
dissect_ssl3_change_cipher_spec
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
ssl_change_cipher CLIENT
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 40 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 129 offset 11 length 4325887 bytes, remaining 51
dissect_ssl enter frame #12 (first time)
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 24 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl enter frame #13 (first time)
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 40 ssl, state 0x17
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 2060 found 00000000
association_find: UDP port 8812 found 00000000
dissect_ssl enter frame #14 (first time)
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 24 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl enter frame #15 (first time)
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 40 ssl, state 0x17
association_find: UDP port 2060 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 2060 found 00000000
association_find: UDP port 8812 found 00000000
dissect_ssl enter frame #16 (first time)
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 24 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 32 ssl, state 0x17
association_find: UDP port 8812 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: UDP port 8812 found 00000000
association_find: UDP port 2060 found 00000000
dissect_ssl enter frame #15 (already visited)
dissect_ssl3_record: content_type 23
association_find: UDP port 2060 found 00000000
association_find: UDP port 8812 found 00000000

---
M. Yakan
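
Added example, not part of the original post and not Wireshark code: a small Python triage of an SSL debug file like the one above, using the cipher-suite id (0x0016 is TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA) and the handshake types it logs to tell whether a loaded server RSA key alone can decrypt the session. The function name `triage`, the `SUITES` table and the result field names are assumptions made for this example.

```python
import re

# A few TLS 1.0-era suite ids and their key exchange (not exhaustive).
SUITES = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "DHE_RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE_RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE_RSA"),
}

# Lines excerpted from the debug log in the post above.
PAGE_EXCERPT = r"""
ssl_init private key file c:\temp\serverkey.key successfully loaded
dissect_ssl3_hnd_srv_hello found CIPHER 0x0016 -> state 0x17
dissect_ssl3_handshake iteration 1 type 11 offset 52 length 562 bytes, remaining 618
dissect_ssl3_handshake iteration 1 type 12 offset 623 length 393 bytes, remaining 1020
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 130 bytes, remaining 139
ssl_decrypt_pre_master_secret key 17 diferent from KEX_RSA(16)
dissect_ssl3_handshake can't decrypt pre master secret
dissect_ssl3_change_cipher_spec
dissect_ssl3_handshake iteration 1 type 90 offset 150 length 14195706 bytes, remaining 190
"""

def triage(log_text):
    """Report whether a loaded RSA private key can decrypt the logged session."""
    # Handshake "types" logged after ChangeCipherSpec are encrypted bytes: skip them.
    clear = log_text.split("dissect_ssl3_change_cipher_spec", 1)[0]
    key_loaded = re.search(r"private key file \S+ successfully loaded", log_text) is not None
    m = re.search(r"found CIPHER 0x([0-9A-Fa-f]{4})", clear)
    suite_id = int(m.group(1), 16) if m else None
    name, kex = SUITES.get(suite_id, ("unknown", "unknown"))
    types = {int(t) for t in re.findall(r"dissect_ssl3_handshake iteration \d+ type (\d+)", clear)}
    # Handshake type 12 is ServerKeyExchange: the server sent its own key-exchange
    # parameters, so the pre-master secret is not encrypted to the certificate key.
    ske = 12 in types
    return {
        "cipher": name,
        "key_exchange": kex,
        "server_key_exchange": ske,
        "key_loaded": key_loaded,
        "pms_decrypt_failed": "can't decrypt pre master secret" in log_text,
        "decryptable_with_rsa_key": key_loaded and kex == "RSA" and not ske,
    }

if __name__ == "__main__":
    for field, value in triage(PAGE_EXCERPT).items():
        print(f"{field}: {value}")
```

The regular expressions search the whole text rather than line by line, so the function gives the same result on a debug file whose line breaks were lost in transit.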