Unable to Decrypt any traffic

Hello,

I have a device in a network doing SSL sniffing (man in the middle). I have the private key that it uses (this key is manually trusted by the hosts). When I install the private key into Wireshark and open a capture, I do not see any clear text packets.

I also don't appear to be using DH, which seems to be a common issue.

Some of the logs:

dissect_ssl enter frame #74 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1460

dissect_ssl enter frame #75 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 1415

dissect_ssl enter frame #76 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
Calculating hash with offset 5 4
decrypt_ssl3_record: app_data len 4, ssl state 0x10
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9 

dissect_ssl enter frame #80 (first time)
packet_from_server: is from server - TRUE
  conversation = 0000022B22750860, ssl_session = 0000022B22755170
  record: offset = 0, reported_length_remaining = 6
dissect_ssl3_record: content_type 20 Change Cipher Spec
ssl_dissect_change_cipher_spec Not using Session resumption
trying to use SSL keylog in C:\mykey.KEY
ssl_load_keyfile failed to open SSL keylog
ssl_finalize_decryption state = 0x210
  Cipher suite (Server Hello) is missing!
packet_from_server: is from server - TRUE
ssl_change_cipher SERVER
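
A small triage script for the debug log format quoted in the question, as an added example that is not part of the original post or of Wireshark: it groups lines by frame, records the record content types and handshake types seen, and collects the lines that report a failure. The function names and the failure-marker substrings are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# Sample input: lines for frames 76 and 80 copied from the debug log in the post.
SAMPLE_LOG = r"""dissect_ssl enter frame #76 (first time)
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 5 length 0 bytes, remaining 9

dissect_ssl enter frame #80 (first time)
dissect_ssl3_record: content_type 20 Change Cipher Spec
trying to use SSL keylog in C:\mykey.KEY
ssl_load_keyfile failed to open SSL keylog
  Cipher suite (Server Hello) is missing!
"""

FRAME_RE = re.compile(r"^dissect_ssl enter frame #(\d+)")
RECORD_RE = re.compile(r"^dissect_ssl3_record: content_type (\d+) (.+)$")
HANDSHAKE_RE = re.compile(r"^dissect_ssl3_handshake iteration \d+ type (\d+)")
# Assumption of this example: these substrings mark a line reporting a failure.
FAILURE_MARKERS = ("no decoder available", "failed to open", "is missing!")

def triage(log_text):
    """Group the log by frame: record types, handshake types, failure lines."""
    frames, current = {}, None
    for line in (raw.strip() for raw in log_text.splitlines()):
        frame = FRAME_RE.match(line)
        if frame:
            current = frames.setdefault(
                int(frame.group(1)), {"records": [], "handshakes": [], "failures": []})
        elif current is None:
            continue  # text before the first frame header
        elif RECORD_RE.match(line):
            ctype, name = RECORD_RE.match(line).groups()
            current["records"].append((int(ctype), name))
        elif HANDSHAKE_RE.match(line):
            current["handshakes"].append(int(HANDSHAKE_RE.match(line).group(1)))
        elif any(marker in line for marker in FAILURE_MARKERS):
            current["failures"].append(line)
    return frames

def server_hello_logged(frames):
    """True if any frame logged handshake type 2 (ServerHello in TLS)."""
    return any(2 in info["handshakes"] for info in frames.values())

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for number, info in sorted(result.items()):
        print(number, info["records"], info["handshakes"], info["failures"])
    print("ServerHello handshake logged:", server_hello_logged(result))
```
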
