ssldump fails to read tcpdump file properly

Brought to you by: rescorla, rot26

#53 ssldump fails to read tcpdump file properly

Status: open

Owner: Eric Rescorla

Labels: decryption (15)

Priority: 5

Updated: 2008-12-17

Created: 2008-12-17

Creator: Anonymous

Private: No

I have a tcpdump file created with:

tcpdump -s1500 -iem0 -w wnssl.dump port 443

Once I let it capture some packets and terminate it, the file is not really readable. I use the following to display the capture:

ssldump -nr wnssl.dump

It reads a couple packets (properly) and then prints

ERROR: Length mismatch

tcpdump -nr wnssl.dump displays all the packets.

The tcpdump file is attached.

dimrub - 2009-03-19

This is probably due to -s 1500 and jumbo packets. Try using -s 0.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

dimrub - 2009-03-19

This is probably due to -s 1500 and jumbo packets. Try using -s 0.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Nobody/Anonymous - 2010-03-23

The -s0 was the problem. It works fine now. Thanks.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link: