What is the best way to add protocols for TLS PSK decoding?

asked 2021-11-05 15:39:43 +0000

Hello,

We have a custom protocol, and created the Lua dissectors handling it. It works fine, and Wireshark can decode the traffic, encrypted or not. But there is a slight problem when the traffic is protected by TLS PSK, please find the details below.

To decode captured traffic protected by TLS PSK, we enter the PSK value in the TLS Preferences window (field named Pre-Shared Key). However, this is not enough to decode the traffic - we need to right-click on one of the TLS packets, select "Decode As...", and choose our protocol.

The problem is that our protocol is not visible on this list, unless we go back to the TLS Preferences window, open the "RSA keys list" sub-dialog, and add an entry there, with our protocol in the "Protocol" column. It seems that other values don't matter, but Wireshark demands that a key file (or at least something resembling it) is provided in the "Key file" column.

Is there a way to add our decoder to the TLS decode list without providing the RSA key? When PSK is used, we don't have an RSA key; also, this is unintuitive.

Thanks in advance, and sorry if this question was asked earlier (I didn't find any), or if there are gaps in my understanding.


Comments

Another workaround that we found after investigating the Wireshark source code is adding the following line to the Lua dissectors:

DissectorTable.get("tls.port"):add(0, p_ProtocolName)

Zero as port number seems to work, and now we don't even need to select the protocol in "Decode As..." - Wireshark finds it automatically.

karanos ( 2021-11-10 15:59:11 +0000 )
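For context, here is how the registration from the comment above fits into a complete Lua dissector. This is an added example, not the poster's code: the protocol name `myproto`, its field layout (1-byte type, 2-byte big-endian length, payload), and both port numbers are assumptions made for illustration.

```lua
-- Hypothetical protocol: 1-byte type, 2-byte big-endian length, then payload.
local p_myproto = Proto("myproto", "My Custom Protocol (example)")

local f_type = ProtoField.uint8("myproto.type", "Type", base.HEX)
local f_len  = ProtoField.uint16("myproto.length", "Length", base.DEC)
local f_data = ProtoField.bytes("myproto.payload", "Payload")
p_myproto.fields = { f_type, f_len, f_data }

local HEADER_LEN = 3

function p_myproto.dissector(tvb, pinfo, tree)
    local captured = tvb:len()
    if captured < HEADER_LEN then
        return 0 -- too short to be our protocol; let Wireshark show raw data
    end

    pinfo.cols.protocol = "MYPROTO"
    local subtree = tree:add(p_myproto, tvb())
    subtree:add(f_type, tvb(0, 1))
    subtree:add(f_len, tvb(1, 2))

    -- Never read past the bytes actually present in this buffer.
    local body_len = tvb(1, 2):uint()
    local avail = math.min(body_len, captured - HEADER_LEN)
    if avail > 0 then
        subtree:add(f_data, tvb(HEADER_LEN, avail))
    end
    if avail < body_len then
        subtree:append_text(" [payload truncated]")
    end
    return HEADER_LEN + avail
end

-- Assumed port numbers; replace them with the ones your service uses.
local PLAIN_PORT = 4000 -- unencrypted variant over TCP
local TLS_PORT   = 4433 -- TLS (for example PSK) variant

-- Cleartext traffic: hand TCP payload on PLAIN_PORT to the dissector.
DissectorTable.get("tcp.port"):add(PLAIN_PORT, p_myproto)

-- TLS traffic: register in the TLS dissector's own port table, so decrypted
-- application data is passed on to the dissector. The comment above used
-- port 0 here instead of a specific port.
DissectorTable.get("tls.port"):add(TLS_PORT, p_myproto)
```

The Pre-Shared Key preference still has to be set for decryption itself; the `tls.port` registration only decides which dissector receives the decrypted payload.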