
eike's profile - activity

2021-12-02 18:29:26 +0000 received badge  Popular Question (source)
2021-09-10 08:55:20 +0000 commented answer Forcing wireshark to dissect null cipher TLS

Thank you very much. Registering the dissector to TCP and skipping the first 5 bytes did the trick for me.

2021-09-10 08:54:42 +0000 commented answer Forcing wireshark to dissect null cipher TLS

Thank you very much. Registering the dissector to TCP and skipping the first 5 bytes did the trick for me.

2021-09-10 08:53:13 +0000 marked best answer Forcing wireshark to dissect null cipher TLS

Hi,

we have a dissector for a custom protocol which can be the payload of TLSv1.2 packets with the cipher suite TLS_ECDHE_ECDSA_WITH_NULL_SHA (0xc006). The dissector is registered in Lua with:

DissectorTable.get("tls.port"):add(49502, my_protocol)

These packages get dissected properly for connections where the TLS handshake is part of the capture. When the handshake is missing, Wireshark does not dissect the application data of the TLS packets.

Is it possible to tell Wireshark to assume that all TLS packages on a given port are not encrypted and to dissect them with the given dissector?

Kind regards and thank you. Eike

2021-09-10 08:53:13 +0000 received badge  Scholar (source)
2021-09-09 15:10:25 +0000 asked a question Force null cipher decryption


2021-09-09 15:10:25 +0000 asked a question Forcing wireshark to dissect null cipher TLS
