Re: tshark option to decrypt SSL?

[James Hozier <guitarscn1 () yahoo com>]

> From: Sake Blok <sake () euronet nl>
> Subject: Re: [Wireshark-users] tshark option to decrypt SSL?
> To: "Community support list for Wireshark" <wireshark-users () wireshark org>
> Date: Thursday, September 9, 2010, 3:14 PM
> On 9 sep 2010, at 16:30, James Hozier
> wrote:
>
> > Here is what I have so far:
> > tshark -tad -lnx -d tcp.port==4040,irc -R 'irc'
> >
> > What should I add in order for it to capture and also
> decrypt SSL traffic
> > as well, with the private server certificate on the
> machine this is being
> > run from?
>
> If traffic on port 4040 is SSL encrypted IRC traffic, then
> you would use the following:
>
> tshark -tad -lnx -o
> ssl.keys_list:<server-ip>,4040,irc,<path-to-private-key>
> -R irc
>
> You might want to use -V as well to get full protocol
> decodes, including the decrypted irc details.
>
> Cheers,
>
>
> Sake

Thank you. I have this:

$ sudo tshark -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/server.key.pem -R irc -V

I get the error: can't load private key from /home/unreal/Unreal3.2/server.key.pem

Inside server.key.pem is:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

And between those lines is the private key. There is nothing else.

Why can it not load? 


      

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe