Wireshark · Wireshark-users: Re: [Wireshark-users] can't generate keyring material??

Wireshark-users: Re: [Wireshark-users] can't generate keyring material??

From: "Sake Blok" <sake@xxxxxxxxxx>

Date: Wed, 22 Jul 2009 21:29:07 +0200

Hi John,

In your preferences you have configured: "192.168.19.6,443,http,C:\keys\client.services.domain.com.pem", which means wireshark will look for traffic to 192.168.19.6 port 443, while in the trace, traffic has been sent to: 10.10.9.12 port 443 (see: "dissect_ssl server 10.10.9.12:443"). I think you have your client and server ip mixed and should use "10.10.9.12,443,http,C:\keys\client.services.domain.com.pem". Assuming "C:\keys\client.services.domain.com.pem" is actually the provite key of the server listening on 10.10.9.12:443.

Hope this helps,

Cheers,

Sake

----- Original Message -----

From: John Peak -c-

To: wireshark-users@xxxxxxxxxxxxx

Sent: Tuesday, July 21, 2009 8:36 PM

Subject: [Wireshark-users] can't generate keyring material??

I am unable to decrypt a capture even though I have a full SSL handshake and the key is being read properly. I find the following two lines in the debug log, but do not know what they mean:
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material

Does anyone have any ideas? More detailed trace below...

ssl_init keys string:
192.168.19.6,443,http,C:\keys\client.services.domain.com.pem
ssl_init found host entry 192.168.19.6,443,http,C:\keys\client.services.domain.com.pem
ssl_init addr '192.168.19.6' port '443' filename 'C:\keys\client.services.domain.com.pem' password(only for p12 file) '(null)'
Private key imported: KeyID 79:BC:DC:80:84:C8:2C:ED:4A:00:E3:E8:06:60:BF:21:...
ssl_init private key file C:\keys\client.services.domain.com.pem successfully loaded
association_add TCP port 443 protocol http handle 031E6590

...snip...

dissect_ssl enter frame #5091 (first time)
ssl_session_init: initializing ptr 0515FB98 size 564
association_find: TCP port 37935 found 00000000
packet_from_server: is from server - FALSE
dissect_ssl server 10.10.9.12:443
dissect_ssl can't find private key for this server! Try it again with universal port 0
dissect_ssl can't find private key for this server (universal port)! Try it again with universal address 0.0.0.0
dissect_ssl can't find any private key!
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 110
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 105 ssl, state 0x00
association_find: TCP port 37935 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 101 bytes, remaining 110
dissect_ssl3_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #5092 (first time)
conversation = 050E0B30, ssl_session = 050E0D38
record: offset = 0, reported_length_remaining = 1029
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1024 ssl, state 0x10
association_find: TCP port 37645 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 37645 found 00000000
association_find: TCP port 443 found 044FE8B8

dissect_ssl enter frame #5093 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 197
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 192 ssl, state 0x10
association_find: TCP port 443 found 044FE8B8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 044FE8B8

dissect_ssl enter frame #5095 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 1380
need_desegmentation: offset = 0, reported_length_remaining = 1380

dissect_ssl enter frame #5097 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 2760
need_desegmentation: offset = 0, reported_length_remaining = 2760

dissect_ssl enter frame #5099 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 4140
need_desegmentation: offset = 0, reported_length_remaining = 4140

dissect_ssl enter frame #5101 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 5520
need_desegmentation: offset = 0, reported_length_remaining = 5520

dissect_ssl enter frame #5103 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 6900
need_desegmentation: offset = 0, reported_length_remaining = 6900

dissect_ssl enter frame #5105 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 8280
need_desegmentation: offset = 0, reported_length_remaining = 8280

dissect_ssl enter frame #5107 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 9660
need_desegmentation: offset = 0, reported_length_remaining = 9660

dissect_ssl enter frame #5108 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 11040
need_desegmentation: offset = 0, reported_length_remaining = 11040

dissect_ssl enter frame #5110 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 12420
need_desegmentation: offset = 0, reported_length_remaining = 12420

dissect_ssl enter frame #5112 (first time)
conversation = 050E8268, ssl_session = 050E8470
record: offset = 0, reported_length_remaining = 13309
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 13304 ssl, state 0x10
association_find: TCP port 443 found 044FE8B8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 044FE8B8

dissect_ssl enter frame #5115 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 1380
need_desegmentation: offset = 0, reported_length_remaining = 1380

dissect_ssl enter frame #5117 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 2760
need_desegmentation: offset = 0, reported_length_remaining = 2760

dissect_ssl enter frame #5119 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 4140
need_desegmentation: offset = 0, reported_length_remaining = 4140

dissect_ssl enter frame #5121 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 5520
need_desegmentation: offset = 0, reported_length_remaining = 5520

dissect_ssl enter frame #5123 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 6900
need_desegmentation: offset = 0, reported_length_remaining = 6900

dissect_ssl enter frame #5125 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 8280
need_desegmentation: offset = 0, reported_length_remaining = 8280

dissect_ssl enter frame #5128 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 8434
dissect_ssl3_record found version 0x0301 -> state 0x11
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 8429 ssl, state 0x11
association_find: TCP port 443 found 044FE8B8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 8434
dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13
dissect_ssl3_hnd_srv_hello found CIPHER 0x000A -> state 0x17
dissect_ssl3_hnd_srv_hello trying to generate keys
ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57)
dissect_ssl3_hnd_srv_hello can't generate keyring material
dissect_ssl3_handshake iteration 0 type 11 offset 79 length 2612 bytes, remaining 8434
dissect_ssl3_handshake iteration 0 type 13 offset 2695 length 5731 bytes, remaining 8434
dissect_ssl3_handshake iteration 0 type 14 offset 8430 length 0 bytes, remaining 8434

dissect_ssl enter frame #5131 (first time)
conversation = 050E8BB8, ssl_session = 050E8DC0
record: offset = 0, reported_length_remaining = 1237
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 1232 ssl, state 0x10
association_find: TCP port 35796 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 35796 found 00000000
association_find: TCP port 443 found 044FE8B8

dissect_ssl enter frame #5132 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 1380
need_desegmentation: offset = 0, reported_length_remaining = 1380

dissect_ssl enter frame #5133 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 1564
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 1559 ssl, state 0x17
association_find: TCP port 37935 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 5 length 1421 bytes, remaining 1564
dissect_ssl3_handshake iteration 0 type 16 offset 1430 length 130 bytes, remaining 1564
dissect_ssl3_handshake can't find private key

dissect_ssl enter frame #5136 (first time)
conversation = 0515F8C0, ssl_session = 0515FB98
record: offset = 0, reported_length_remaining = 139
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 134 ssl, state 0x17
association_find: TCP port 37935 found 00000000
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 15 offset 5 length 130 bytes, remaining 139

dissect_ssl enter frame #5137 (first time)
conversation = 050E8BB8, ssl_session = 050E8DC0
record: offset = 0, reported_length_remaining = 197
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 192 ssl, state 0x10
association_find: TCP port 443 found 044FE8B8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 443 found 044FE8B8

dissect_ssl enter frame #5139 (first time)
conversation = 050E8BB8, ssl_session = 050E8DC0
record: offset = 0, reported_length_remaining = 1380
need_desegmentation: offset = 0, reported_length_remaining = 1380

John Peak
jopeak@xxxxxxxxx

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-users] can't generate keyring material??
  - From: John Peak -c-

Prev by Date: Re: [Wireshark-users] Why are there a lot of ARP traffic in anetwork?
Next by Date: [Wireshark-users] e: filter SNMP traps on enterprise
Previous by thread: [Wireshark-users] can't generate keyring material??
Next by thread: [Wireshark-users] colored packets
Index(es):
- Date
- Thread