Wireshark mailing list archives

Re: tshark option to decrypt SSL?


From: James Hozier <guitarscn1 () yahoo com>
Date: Thu, 9 Sep 2010 09:47:11 -0700 (PDT)

From: James Hozier <guitarscn1 () yahoo com>
Subject: Re: [Wireshark-users] tshark option to decrypt SSL?
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Thursday, September 9, 2010, 4:13 PM
From: Sake Blok <sake () euronet nl>
Subject: Re: [Wireshark-users] tshark option to decrypt SSL?
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Thursday, September 9, 2010, 4:03 PM
On 9 sep 2010, at 17:51, James Hozier wrote:

I get the error: can't load private key from /home/unreal/Unreal3.2/server.key.pem

Inside server.key.pem is:
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

And between those lines is the private key. There is nothing else.

Why can it not load? 

It should read:

-----BEGIN RSA PRIVATE KEY-----

You can use openssl to convert your key from PKCS#8 to PKCS#1.

See:  http://www.wireshark.org/lists/wireshark-users/200911/msg00033.html

Cheers,


Sake


Hmmm...I did:
$ openssl pkcs8 -in server.key.pem -out newserver.key.pem -nocrypt

And it ran with no errors or warnings, yet when I checked
the newserver.key.pem file, it is exactly the same as the
original server.key.pem and Wireshark cannot read it.
Strange...


Okay, so I ran:
$ openssl rsa -in server.key.pem -out newserver.key.pem

And it seems to have done the job (but I'm not quite sure) because I ran
Wireshark and it started capturing successfully without any error.

But, it's not capturing at all...0 packets even though I am creating
traffic on IRC on the SSL port. I tried different combinations of
options:

$ tshark -V -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/newserver.key.pem -R 'irc'

$ tshark -V -i en1 -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/newserver.key.pem -d tcp.port==4040,irc -R 'irc' -f 'tcp port 4040'

And a whole bunch of other combinations thereof. Maybe the key was not
properly converted?


      
