Lekensteyn's profile - activity

2019-10-20 18:25:20 +0000 edited question simulate packets of TCP/IP protocols

simulate packets of TCP/IP protocols I hope you don't mind my asking this, but I've been looking for different types of

2019-10-18 22:49:33 +0000 received badge  Rapid Responder (source)
2019-10-18 22:49:33 +0000 answered a question TLS decryption with Tshark and RSA keys

The TLS key log file (not to be confused with debug log file) can indeed not be used with RSA key files, it can only acc

2019-08-13 20:26:49 +0000 edited answer Regular failure to capture HTTP2

There are several possible reasons why you do not always see decrypted HTTP/2 traffic: Your capture started while the T

2019-08-13 20:22:35 +0000 answered a question Regular failure to capture HTTP2

There are several possible reasons why you do not always see decrypted HTTP/2 traffic: Your capture started while the T

2019-07-20 17:52:11 +0000 edited answer TLS 1.3 Hello Retry Messages

Wireshark supports TLS 1.3 since Wireshark 2.6.0. It of course supports the final RFC 8446 version, but currently suppor

2019-07-20 17:51:31 +0000 answered a question TLS 1.3 Hello Retry Messages

Wireshark supports TLS 1.3 since Wireshark 2.6.0. It of course supports the final RFC 8446 version, but currently suppor

2019-07-20 17:30:06 +0000 commented answer Is there any version of wireshark which support coap over TCP and coap over websockets?

The reporter has opened a bug report at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15910, CoAP over WebSockets

2019-07-20 17:28:33 +0000 commented answer Why isn't DNS-over-TLS (DoT) - RFC7858 - being dissected by Wireshark 3.0?

DNS-over-TLS (DoT) is different from DNS-over-HTTPS (DoH). The former defaults to TCP port 853 where the latter runs ove

2019-06-19 22:39:15 +0000 received badge  Rapid Responder (source)
2019-06-19 22:39:15 +0000 answered a question Wireshark 3.0.2 Linux for Debian/Ubuntu

You can manually build from source using the latest tarball, the Debian packaging scripts are included. Grab the latest

2019-06-19 01:06:13 +0000 commented answer Help decrypting TLS between socket client and server

If you open the packet capture in Wireshark, you will find it in the packet details:

2019-06-19 00:56:23 +0000 edited answer Display filter for TLS versions in tshark and saving to a new file.

TLS negotiates the TLS version during the handshake. The client reports its minimum version through the tls.record.versi

2019-06-19 00:56:10 +0000 received badge  Rapid Responder (source)
2019-06-19 00:56:10 +0000 answered a question Display filter for TLS versions in tshark and saving to a new file.

TLS negotiates the TLS version during the handshake. The client reports its minimum version through the tls.record.versi

2019-06-19 00:45:05 +0000 edited answer Looking for failed SSL handshakes

When implementations fail during the TLS handshake, they typically do either: Forcefully the TCP connection. This can

2019-06-19 00:44:03 +0000 received badge  Rapid Responder (source)
2019-06-19 00:44:03 +0000 answered a question Looking for failed SSL handshakes

When implementations fail during the TLS handshake, they typically do either: Forcefully the TCP connection. This can

2019-06-19 00:38:44 +0000 edited answer quic malformed packet error

Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor

2019-06-19 00:38:14 +0000 edited answer quic malformed packet error

Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor

2019-06-19 00:36:55 +0000 answered a question quic malformed packet error

Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor

2019-06-15 19:21:04 +0000 commented answer Help decrypting TLS between socket client and server

Building libsslkeylog.so requires OpenSSL development headers which you can install with yum install openssl-devel as ro

2019-06-13 23:38:23 +0000 edited answer Help decrypting TLS between socket client and server

As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC

2019-06-13 23:38:07 +0000 edited answer Help decrypting TLS between socket client and server

As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC

2019-06-13 23:37:13 +0000 received badge  Rapid Responder (source)
2019-06-13 23:37:13 +0000 answered a question Help decrypting TLS between socket client and server

As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC

2019-06-13 23:25:45 +0000 commented answer TLS1.2 handshaking issue, need help, urgent, thanks a ton!

@xjfromsh Why do you think that lack of a Certificate and Key Exchange message is a problem? Session resumption speeds u

2019-06-12 20:56:34 +0000 commented answer Decrypt TLS 1.3 with Wireshark

The slides are now up here: https://lekensteyn.nl/files/wireshark-tls-debugging-sharkfest19us.pdf You need at least Wire

2019-06-12 20:54:08 +0000 commented question mmdbresolve.exe could not be removed. Is it in use?

Can you double-check your process list? It should exit automatically when Wireshark is closed.

2019-06-10 17:39:36 +0000 answered a question How to capture HTTPS traffic with v3.0.2?

If you can absolutely not decrypt any traffic even if the key log file is correctly written and configured in Wireshark,

2018-12-19 22:46:29 +0000 answered a question Wireshark SSLKEYLOGFILE decryption not working

While the key log file is non-empty, some keys are still missing. To cross-reference the keys from the key log file, no

2018-11-01 09:02:50 +0000 edited answer Unable to decrypt HTTPS TLSv1.2 traffic with wireshark (sha1WithRSAEncryption)

You indeed seem to satisfy the required conditions to use RSA private key files: TLS_RSA_WITH_AES_256_GCM_SHA384 uses

2018-11-01 09:02:37 +0000 answered a question Unable to decrypt HTTPS TLSv1.2 traffic with wireshark (sha1WithRSAEncryption)

You indeed seem to satisfy the required conditions to use RSA private key files: - TLS_RSA_WITH_AES_256_GCM_SHA384 uses

2018-11-01 08:54:17 +0000 received badge  Rapid Responder (source)
2018-11-01 08:54:17 +0000 answered a question libssh in Wireshark 2.x for macOS susceptible to CVE-2018-10933 exploit?

The libssh vulnerability does not affect the majority of products since it only affects servers and not client applicati

2018-10-14 06:35:09 +0000 received badge  Nice Answer (source)
2018-10-12 12:02:57 +0000 edited answer Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2: Record ve

2018-10-12 11:59:01 +0000 commented question Where can I find the TLS version that is being sent from the client through the ClientHello to the server?

This question is answered by the question linked by Graham.

2018-10-02 19:32:19 +0000 received badge  Teacher (source)
2018-09-18 17:01:38 +0000 answered a question Suspicious Activity, TLS mismatch errors, Browser Set to Tls v1.3, seeing v1.0 on SSLLabs

The TLS Client Hello (and Server Hello) have three version fields with the following meanings until TLS 1.2: Record ve

2018-08-07 17:32:08 +0000 edited answer mitmproxy+wireshark: SSL decryption with sslkey

The --rawtcp option will turn mitmproxy into a generic TCP proxy with no TLS interception. See https://docs.mitmproxy.or

2018-08-07 17:31:52 +0000 received badge  Rapid Responder (source)
2018-08-07 17:31:52 +0000 answered a question mitmproxy+wireshark: SSL decryption with sslkey

The --rawtcp option will turn mitmproxy into a generic TCP proxy with no TLS interception. See https://docs.mitmproxy.or

2018-04-20 15:04:26 +0000 answered a question Formal Quality Assurance of Wireshark

Wireshark development is largely driven by volunteers, most of them focus only on a narrow area. There are many open iss

2018-04-20 14:27:32 +0000 answered a question wireshark 2.4.6 cannot decode ssl application data

RSA private key files only work with the RSA key exchange method, but your session uses an ephemeral Diffie-Hellman key

2018-04-20 14:21:25 +0000 received badge  Supporter (source)
2018-04-20 14:21:03 +0000 received badge  Editor (source)
2018-04-20 14:21:03 +0000 edited answer [TLS 1.3] I am getting an error while decrypting the SSL Handshake Traffic -

Be sure that you are using a recent Wireshark version for TLS 1.3 analysis. Initial support for TLS 1.3 (draft 19 up to

2018-04-20 14:20:33 +0000 received badge  Rapid Responder (source)
2018-04-20 14:20:33 +0000 answered a question [TLS 1.3] I am getting an error while decrypting the SSL Handshake Traffic -

Be sure that you are using a recent Wireshark version for TLS 1.3 analysis. Initial support for TLS 1.3 (draft 19 up to