Re: Decrypting SSL in dissector

[Jeff Morriss <jeff.morriss.ws () gmail com>]

I think for that you can't enter the encryption keys in the UAT but 
rather your amp dissector would need to register for the SSL after the 
negotiation.

On 01/09/14 11:55, Rob Napier wrote:
> That was exactly it. Thank you!
>
> I'm now seeing a much less critical issue:
>
> The amp protocol starts off unencrypted, and then switches to SSL after
> some negotiation. When I first start wireshark (without providing a
> decryption key), I see the two AMP negotiation packets, and then SSLv3
> packets. When I add the decryption key, the initial two handshake
> packets get re-decoded as "SSL Continuation Data" and I lose the
> unencrypted handshake information. The encrypted traffic then dissects
> correctly.
>
> Is this expected? Is it possible to view both the encrypted and
> unencrypted portions of the protocol on the same port?
>
> -Rob
>
>
> On Thu, Jan 9, 2014 at 11:38 AM, Dirk Jagdmann <doj () cubic org
> <mailto:doj () cubic org>> wrote:
>
>     do you have a new_register_dissector("amp", ...) in the
>     proto_register_amp()
>     function? Otherwise the SSL dissector can not match the "amp" string
>     to a
>     dissector handle/function.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe