Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-11 Thread Jeff Morriss
OK, sorry, I really shouldn't start talking about things I haven't a clue about. I was thinking the UAT was going to send you down a path similar to decode-as which I guess it is. Anyway, I think the answer is on the SSL wiki: http://wiki.wireshark.org/SSL#start_tls (Of course you'd also hav

Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-10 Thread Rob Napier
So make a separate RSA key table within the amp protocol preferences? And then pass that along to SSL when the protocol goes encrypted? I assume the same issue impacts LDAP/TLS and XMPP?
-Rob
On Fri, Jan 10, 2014 at 11:51 AM, Jeff Morriss wrote:
> I think for that you can't enter the encryptio

Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-10 Thread Jeff Morriss
I think for that you can't enter the encryption keys in the UAT but rather your amp dissector would need to register for the SSL after the negotiation.
On 01/09/14 11:55, Rob Napier wrote:
> That was exactly it. Thank you! I'm now seeing a much less critical issue: The amp protocol starts off

Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-09 Thread Dirk Jagdmann
Do you have a new_register_dissector("amp", ...) in the proto_register_amp() function? Otherwise the SSL dissector cannot match the "amp" string to a dissector handle/function. -- ---> Dirk Jagdmann > http://cubic.org/~doj -> http://llg.cubic.org

Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-09 Thread Rob Napier
That was exactly it. Thank you! I'm now seeing a much less critical issue: The amp protocol starts off unencrypted, and then switches to SSL after some negotiation. When I first start Wireshark (without providing a decryption key), I see the two AMP negotiation packets, and then SSLv3 packets. Wh

Re: [Wireshark-dev] Decrypting SSL in dissector

2014-01-09 Thread Rob Napier
A little more follow-up on this one because I'm seeing some even odder behaviors in Wireshark than in tshark. I load my plugin for my new protocol "amp" that relies on SSL (as described below). I then go to the SSL preferences to add a decrypt key: IP address: Port: 52230 Protocol: amp Key File:

[Wireshark-dev] Decrypting SSL in dissector

2014-01-07 Thread Rob Napier
Kurt Knochner helpfully pointed me here versus my original ask.wireshark.org question. I'm writing a new dissector for a protocol that can include SSL traffic. It is somewhat similar to LDAP in that it can start a session unenc