Wireshark mailing list archives
Re: tshark option to decrypt SSL?
From: James Hozier <guitarscn1 () yahoo com>
Date: Thu, 9 Sep 2010 09:47:11 -0700 (PDT)
From: James Hozier <guitarscn1 () yahoo com> Subject: Re: [Wireshark-users] tshark option to decrypt SSL? To: "Community support list for Wireshark" <wireshark-users () wireshark org> Date: Thursday, September 9, 2010, 4:13 PMFrom: Sake Blok <sake () euronet nl> Subject: Re: [Wireshark-users] tshark option todecrypt SSL?To: "Community support list for Wireshark" <wireshark-users () wireshark org> Date: Thursday, September 9, 2010, 4:03 PM On 9 sep 2010, at 17:51, James Hozier wrote:I get the error: can't load private key from/home/unreal/Unreal3.2/server.key.pemInside server.key.pem is: -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- And between those lines is the private key. Thereisnothing else.Why can it not load?It should read: -----BEGIN RSA PRIVATE KEY----- You can use openssl to convert your key from PKCS#8toPKCS#1. See: http://www.wireshark.org/lists/wireshark-users/200911/msg00033.html Cheers, SakeHmmm...I did: $ openssl pkcs8 -in server.key.pem -out newserver.key.pem -nocrypt And it ran with no errors or warnings, yet when I checked the newserver.key.pem file, it is exactly the same as the original server.key.pem and Wireshark cannot read it. Strange...
Okay, so I ran: $ openssl rsa -in server.key.pem -out newserver.key.pem And it seems to have done the job (but I'm not quite sure) because I ran Wireshark and it started capturing successfully without any error. But, it's not capturing at all...0 packets even though I am creating traffic on IRC on the SSL port. I tried different combinations of options: $ tshark -V -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/newserver.key.pem -R 'irc' $ tshark -V -i en1 -tad -lnx -o ssl.keys_list:127.0.0.1,4040,irc,/home/unreal/Unreal3.2/newserver.key.pem -d tcp.port==4040,irc -R 'irc' -f 'tcp port 4040' And a whole bunch of other combinations thereof. Maybe the key was not properly converted? ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tshark option to decrypt SSL? James Hozier (Sep 09)
- Re: tshark option to decrypt SSL? M Holt (Sep 09)
- Re: tshark option to decrypt SSL? Sake Blok (Sep 09)
- Re: tshark option to decrypt SSL? James Hozier (Sep 09)
- Re: tshark option to decrypt SSL? Sake Blok (Sep 09)
- Re: tshark option to decrypt SSL? James Hozier (Sep 09)
- Re: tshark option to decrypt SSL? James Hozier (Sep 09)
- Re: tshark option to decrypt SSL? James Hozier (Sep 09)