FAQ/How to decode TLS calls using wireshark

From Snom User Wiki


Answer

If you are a PBX administrator and have access to the server's private key, you can use it to decode TLS calls in order to analyse your SIP and RTP/SRTP packets.

  • It is very important that your trace contains the initial TLS handshake, otherwise this tutorial will not work. An easy way to make sure is to start the trace, then restart your phone/server, and then perform the test call.
  • Place your private key in a text file somewhere on your computer. Your private key should look something like this:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
  • Start Wireshark and open the network capture
  • From the top menu select Edit > Preferences.
  • When the Preferences window opens, expand Protocols
  • Scroll down and select SSL.
  • In the space labeled RSA keys list, provide the following information in the format <ip>,<port>,<protocol>,<key_file_name>.
Where:
<ip> is the IP Address of the server / appliance with the private key
<port> is usually 5061 for SIP TLS
<protocol> is tls
<key_file_name> is the location and file name of the private key (the one you created in the first step)
Note: There are no spaces around the commas.
  • Press Apply
  • Scroll down in the Preferences window again and select SIP.
  • Set up your ports as in the following image:
  • Press Apply
  • Now you should be able to see the TLS+SRTP calls in your trace
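If the calls still do not decode, the first thing to check is the handshake requirement from the first step. The following is an added example, not part of the original wiki page: it parses the raw TLS bytes of each TCP direction (the function names and sample bytes are constructed for illustration) and reports whether the trace contains a full handshake. It goes one step further than the text by also checking the negotiated cipher suite, because a server RSA private key can only decrypt sessions that use RSA key exchange, not (EC)DHE.

```python
import struct

# Cipher suites with plain RSA key exchange (subset of the IANA TLS registry).
# Only these can be decrypted from the server's RSA private key alone.
RSA_KX_SUITES = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}

def handshake_messages(stream):
    """Return {msg_type: body} for cleartext handshake messages in one TCP direction."""
    pos, buf = 0, b""
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype == 20:          # ChangeCipherSpec: everything after it is encrypted
            break
        if ctype == 22:          # handshake record (messages may span records)
            buf += stream[pos + 5:pos + 5 + length]
        pos += 5 + length
    msgs, pos = {}, 0
    while pos + 4 <= len(buf):
        size = int.from_bytes(buf[pos + 1:pos + 4], "big")
        msgs[buf[pos]] = buf[pos + 4:pos + 4 + size]
        pos += 4 + size
    return msgs

def check_trace(client_to_server, server_to_client):
    """Report whether a trace can be decrypted with the server's RSA key."""
    c2s = handshake_messages(client_to_server)
    s2c = handshake_messages(server_to_client)
    suite = None
    hello = s2c.get(2, b"")                      # ServerHello body
    if len(hello) >= 35:
        sid_len = hello[34]                      # after version(2) + random(32)
        suite = int.from_bytes(hello[35 + sid_len:37 + sid_len], "big")
    return {
        "client_hello": 1 in c2s,
        "server_hello": 2 in s2c,
        "full_handshake": 16 in c2s,             # ClientKeyExchange was captured
        "cipher_suite": suite,
        "decryptable": 1 in c2s and 16 in c2s and suite in RSA_KX_SUITES,
    }

# Helpers that build constructed sample bytes (not taken from a real capture).
def record(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

def message(msg_type, body):
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def sample_server_hello(suite):
    body = b"\x03\x03" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    return record(22, message(2, body))

SAMPLE_C2S = record(22, message(1, bytes(40))) + record(22, message(16, bytes(130))) + record(20, b"\x01")
```

A result with `full_handshake` false means the capture started mid-session or the session was resumed, which is the case the restart in the first step avoids.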