Wireshark mailing list archives

Wireshark (1.8.2) decrypting (SIP)TLS Traffic


From: Max Mühlbronner <mm () 42com com>
Date: Thu, 23 May 2013 13:19:10 +0200

Hi list,

I just tried to decrypt SIP TLS traffic in Wireshark (Preferences --> SSL, imported priv key for server IP/port) and was at least able to see decrypted packets in the SSL log file when enabling SSL debugging in Wireshark. I also made sure to capture the initial handshake, but the decrypted SIP traffic never shows up in the Wireshark packet list.

One thing I noticed is: I have to choose a protocol like "sip", "ssl" but there is no "sip-tls"? But I am not sure if this makes any difference...

...
association_find: TCP port 1051 found (nil)
association_find: TCP port 5061 found 0xb9eb6268
dissect_ssl3_record decrypted len 651
decrypted app data fragment: SIP/2.0 200 OK
Via: SIP/2.0/TLS 109.22.22.22:5061;branch=z9hG4bK1b7a.e58532f.0
...


I also avoided Diffie-Hellman ciphers (to keep things simple) and tried a few other things, but I am never able to see the packets in the packet list (only in the SSL log file...).


Any ideas how to debug this?

--
Max Mühlbronner

42com Telecommunication GmbH
Straße der Pariser Kommune 12-16
10243 Berlin

E-Mail: mm () 42com com
Web: www.42com.com

Company information:
Commercial register: Amtsgericht Berlin HRB 99071 B
VAT ID: DE223812306
CEO: Thomas Reinig, Alexander Reinig

This message is intended only for the use of the individual or entity to which it is addressed. If you have received 
this message by mistake, please notify us immediately.
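
Added example, not part of the original message and not Wireshark code: a small Python parser for the SSL debug log lines quoted in the post, reporting which ports had an association and whether any records were decrypted. The function name and the reading of `(nil)` as "no association found" are assumptions; the sample log is constructed from the lines in the post.

```python
import re

# Constructed sample: the debug lines quoted in the post, elisions dropped.
SAMPLE_LOG = """\
association_find: TCP port 1051 found (nil)
association_find: TCP port 5061 found 0xb9eb6268
dissect_ssl3_record decrypted len 651
decrypted app data fragment: SIP/2.0 200 OK
Via: SIP/2.0/TLS 109.22.22.22:5061;branch=z9hG4bK1b7a.e58532f.0
"""

ASSOC_RE = re.compile(r"^association_find: (TCP|UDP) port (\d+) found (\S+)$")
DECRYPT_RE = re.compile(r"^dissect_ssl3_record decrypted len (\d+)$")
FRAGMENT_PREFIX = "decrypted app data fragment: "


def summarize_ssl_debug(log_text):
    """Summarize port associations and decrypted records in an SSL debug log."""
    summary = {"associated": set(), "unassociated": set(),
               "records": 0, "bytes": 0, "first_lines": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ASSOC_RE.match(line)
        if m:
            # Assumption: "(nil)" is a printed NULL pointer, i.e. no match.
            key = "unassociated" if m.group(3) == "(nil)" else "associated"
            summary[key].add(int(m.group(2)))
            continue
        m = DECRYPT_RE.match(line)
        if m:
            summary["records"] += 1
            summary["bytes"] += int(m.group(1))
            continue
        if line.startswith(FRAGMENT_PREFIX):
            # Keep only the first line of each fragment (e.g. the SIP status line).
            summary["first_lines"].append(line[len(FRAGMENT_PREFIX):])
    # A port may be looked up many times; one hit outweighs earlier misses.
    summary["unassociated"] -= summary["associated"]
    return summary


if __name__ == "__main__":
    s = summarize_ssl_debug(SAMPLE_LOG)
    print("ports with an association:   ", sorted(s["associated"]))
    print("ports without an association:", sorted(s["unassociated"]))
    print("decrypted records / bytes:   ", s["records"], "/", s["bytes"])
    for first in s["first_lines"]:
        print("payload starts with:", first)
```
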