2020-05-21 21:19:14 +0000 | commented question | Wireshark OUI Lookup Tool Broken @cmaynard Your tool sends the query to the server. I'd not recommend that tool and suggest the Wireshark OUI tool instea |
2020-05-21 21:10:51 +0000 | commented question | Wireshark OUI Lookup Tool Broken A fix has been implemented and deployed, thanks for raising this! |
2020-05-21 19:33:44 +0000 | commented question | Wireshark OUI Lookup Tool Broken I'll restore support for other formats. It was removed because these were not documented as valid options and the old pa |
2020-02-22 17:29:00 +0000 | received badge | ● Rapid Responder (source) |
2020-02-22 17:29:00 +0000 | answered a question | Accessing decrypted TLS data in Lua dissector You should not try to access the decrypted data via a field, but ensure that dissectors call each other. Register your |
2020-02-22 00:24:28 +0000 | commented question | Quic Decryption fails I don't see an attached flow. In any case, note that QUIC is an in-development protocol and subject to change. If you kn |
2020-02-22 00:23:15 +0000 | commented question | TLS1.2 Handshake failure This does not look like TLS traffic to me. |
2020-02-22 00:20:15 +0000 | received badge | ● Commentator |
2020-02-22 00:20:15 +0000 | commented question | Decryption Issue with SSL-key-log file Hi, consider providing the original capture file (note that it will obviously be public, so hopefully it does not have s |
2020-02-22 00:14:26 +0000 | received badge | ● Rapid Responder (source) |
2020-02-22 00:14:26 +0000 | answered a question | How to decrypt TLS 1.3 PSK sent by Zabbix? In TLS 1.2 and before, the PSK can be used with PSK cipher suites such as TLS_PSK_WITH_AES_128_CCM to decrypt sessions i |
2020-02-16 18:04:32 +0000 | received badge | ● Rapid Responder (source) |
2020-02-16 18:04:32 +0000 | answered a question | Lua dissector, loop vs table, what is supported? The result of ProtoField.new(...) should be added to the fields property of a Proto instance. This allows them to be reg |
2020-01-03 13:55:49 +0000 | answered a question | [ws 3.2.0] quic handshake is decrypted but subsequent packets are not From my reply at https://www.wireshark.org/lists/wireshark-users/202001/msg00000.html: In your screenshot, the visible |
2020-01-03 13:53:34 +0000 | commented question | [ws 3.2.0] quic handshake is decrypted but subsequent packets are not (This question was cross-posted at https://www.wireshark.org/lists/wireshark-users/201912/msg00009.html) |
2020-01-03 13:53:05 +0000 | commented question | [ws 3.2.0] quic handshake is decrypted but subsequent packets are not (This question was cross-posted at https://www.wireshark.org/lists/wireshark-users/201912/msg00009.html) |
2020-01-03 13:52:45 +0000 | commented question | [ws 3.2.0] quic handshake is decrypted but subsequent packets are not (This question was cross-posted at https://www.wireshark.org/lists/wireshark-users/201912/msg00009.html) |
2019-10-20 18:25:20 +0000 | edited question | simulate packets of TCP/IP protocols simulate packets of TCP/IP protocols I hope you don't mind my asking this, but I've been looking for different types of |
2019-10-18 22:49:33 +0000 | received badge | ● Rapid Responder (source) |
2019-10-18 22:49:33 +0000 | answered a question | TLS decryption with Tshark and RSA keys The TLS key log file (not to be confused with debug log file) can indeed not be used with RSA key files, it can only acc |
2019-08-13 20:26:49 +0000 | edited answer | Regular failure to capture HTTP2 There are several possible reasons why you do not always see decrypted HTTP/2 traffic: Your capture started while the T |
2019-08-13 20:22:35 +0000 | answered a question | Regular failure to capture HTTP2 There are several possible reasons why you do not always see decrypted HTTP/2 traffic: Your capture started while the T |
2019-07-20 17:52:11 +0000 | edited answer | TLS 1.3 Hello Retry Messages Wireshark supports TLS 1.3 since Wireshark 2.6.0. It of course supports the final RFC 8446 version, but currently suppor |
2019-07-20 17:51:31 +0000 | answered a question | TLS 1.3 Hello Retry Messages Wireshark supports TLS 1.3 since Wireshark 2.6.0. It of course supports the final RFC 8446 version, but currently suppor |
2019-07-20 17:30:06 +0000 | commented answer | Is there any version of wireshark which support coap over TCP and coap over websockets? The reporter has opened a bug report at https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15910, CoAP over WebSockets |
2019-07-20 17:28:33 +0000 | commented answer | Why isn't DNS-over-TLS (DoT) - RFC7858 - being dissected by Wireshark 3.0? DNS-over-TLS (DoT) is different from DNS-over-HTTPS (DoH). The former defaults to TCP port 853 where the latter runs ove |
2019-06-19 22:39:15 +0000 | received badge | ● Rapid Responder (source) |
2019-06-19 22:39:15 +0000 | answered a question | Wireshark 3.0.2 Linux for Debian/Ubuntu You can manually build from source using the latest tarball, the Debian packaging scripts are included. Grab the latest |
2019-06-19 01:06:13 +0000 | commented answer | Help decrypting TLS between socket client and server If you open the packet capture in Wireshark, you will find it in the packet details: |
2019-06-19 00:56:23 +0000 | edited answer | Display filter for TLS versions in tshark and saving to a new file. TLS negotiates the TLS version during the handshake. The client reports its minimum version through the tls.record.versi |
2019-06-19 00:56:10 +0000 | received badge | ● Rapid Responder (source) |
2019-06-19 00:56:10 +0000 | answered a question | Display filter for TLS versions in tshark and saving to a new file. TLS negotiates the TLS version during the handshake. The client reports its minimum version through the tls.record.versi |
2019-06-19 00:45:05 +0000 | edited answer | Looking for failed SSL handshakes When implementations fail during the TLS handshake, they typically do either: Forcefully the TCP connection. This can |
2019-06-19 00:44:03 +0000 | received badge | ● Rapid Responder (source) |
2019-06-19 00:44:03 +0000 | answered a question | Looking for failed SSL handshakes When implementations fail during the TLS handshake, they typically do either: Forcefully the TCP connection. This can |
2019-06-19 00:38:44 +0000 | edited answer | quic malformed packet error Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor |
2019-06-19 00:38:14 +0000 | edited answer | quic malformed packet error Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor |
2019-06-19 00:36:55 +0000 | answered a question | quic malformed packet error Wireshark has reasonable support (dissection and decryption) for the QUIC version that is in development by the IETF wor |
2019-06-15 19:21:04 +0000 | commented answer | Help decrypting TLS between socket client and server Building libsslkeylog.so requires OpenSSL development headers which you can install with yum install openssl-devel as ro |
2019-06-13 23:38:23 +0000 | edited answer | Help decrypting TLS between socket client and server As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC |
2019-06-13 23:38:07 +0000 | edited answer | Help decrypting TLS between socket client and server As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC |
2019-06-13 23:37:13 +0000 | received badge | ● Rapid Responder (source) |
2019-06-13 23:37:13 +0000 | answered a question | Help decrypting TLS between socket client and server As Graham said, your session is using an ephemeral Diffie-Hellman (DH) cipher suite: ssl_set_cipher found CIPHER 0xC |
2019-06-13 23:25:45 +0000 | commented answer | TLS1.2 handshaking issue, need help, urgent, thanks a ton! @xjfromsh Why do you think that lack of a Certificate and Key Exchange message is a problem? Session resumption speeds u |
2019-06-12 20:56:34 +0000 | commented answer | Decrypt TLS 1.3 with Wireshark The slides are now up here: https://lekensteyn.nl/files/wireshark-tls-debugging-sharkfest19us.pdf You need at least Wire |
2019-06-12 20:54:08 +0000 | commented question | mmdbresolve.exe could not be removed. Is it in use? Can you double-check your process list? It should exit automatically when Wireshark is closed. |
2019-06-10 17:39:36 +0000 | answered a question | How to capture HTTPS traffic with v3.0.2? If you can absolutely not decrypt any traffic even if the key log file is correctly written and configured in Wireshark, |
2018-12-19 22:46:29 +0000 | answered a question | Wireshark SSLKEYLOGFILE decryption not working While the key log file is non-empty, some keys are still missing. To cross-reference the keys from the key log file, no |
2018-11-01 09:02:50 +0000 | edited answer | Unable to decrypt HTTPS TLSv1.2 traffic with wireshark (sha1WithRSAEncryption) You indeed seem to satisfy the required conditions to use RSA private key files: TLS_RSA_WITH_AES_256_GCM_SHA384 uses |
2018-11-01 09:02:37 +0000 | answered a question | Unable to decrypt HTTPS TLSv1.2 traffic with wireshark (sha1WithRSAEncryption) You indeed seem to satisfy the required conditions to use RSA private key files: - TLS_RSA_WITH_AES_256_GCM_SHA384 uses |