Decode of NVMe/TCP frames with TLS

asked 2024-10-10 16:07:55 +0000

sekar-wdc gravatar image

Hi,

Decode of NVMe/TCP frames with TLS after applying TLS keylogfile does not appear to fully decode NVMe/TCP frames. Are there additional steps necessary ?

edit retag flag offensive close merge delete

Comments

There is a sample capture without TLS attached to 15735: Add dissection support for NVMe/TCP.
Do you get a clean dissection of it with your Wireshark?

Chuckc gravatar imageChuckc ( 2024-10-10 16:20:10 +0000 )edit

Thanks. I do see the sample capture correctly. Do you have a similar one with NVMe/TCP with TLS ? I've used the TLS keylogfile decode option. I'm wondering if maybe the issue is decode of both NVMe/TCP with TLS.

sekar-wdc gravatar imagesekar-wdc ( 2024-10-10 17:24:20 +0000 )edit

If only they had shared the trace in here Saving an NVMe-over-TCP with TLS trace after decryption :-)
I didn't find one with TLS on initial searching. Can you share one from a lab/non-production environment?

11359: NVMe-over-TCP: enable TLS dissector was added just last year. You are using a current version of Wireshark?

Chuckc gravatar imageChuckc ( 2024-10-10 17:35:53 +0000 )edit

Yes. I am on v4.4.1. Where should I share the trace and sslkeylogfile ?

sekar-wdc gravatar imagesekar-wdc ( 2024-10-10 17:58:06 +0000 )edit

If you can make them public, place on public file share (Google, Microsoft, AWS) then update the question with a link to them. If they need to be kept confidential you could open a Wireshark Gitlab issue and make it "Confidential".

Chuckc gravatar imageChuckc ( 2024-10-10 18:17:58 +0000 )edit
see more comments