This folder contains an example capture file, as well as the two
private keys required to decode the TLS-protected exchanges.

To decrypt the packets properly, you'll need a patched Wireshark (see parent directory)
and the SSL "RSA Private Keys" properties set to (replace with real full path):
192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem
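
An added example, not part of the original README or of freeDiameter: a small
Python check for the key-list value above. It parses the ip,port,protocol,keyfile
entries, rewrites the relative key paths against a base directory (the
/home/user/src checkout parent is an assumption), and lists key files that are missing.

```python
import ipaddress
import os

# The value from this README, with its repository-relative key paths.
README_VALUE = (
    "192.168.103.10,3869,diameter,"
    "freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;"
    "192.168.103.20,3869,diameter,"
    "freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem"
)


def parse_keys_list(value):
    """Split an 'ip,port,protocol,keyfile;...' value into validated entries."""
    entries = []
    for raw in filter(None, (part.strip() for part in value.split(";"))):
        fields = raw.split(",", 3)  # the key path is the last field
        if len(fields) != 4:
            raise ValueError(f"expected 4 comma-separated fields: {raw!r}")
        ip, port, proto, keyfile = (f.strip() for f in fields)
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not 0 < int(port) < 65536:
            raise ValueError(f"port out of range: {port}")
        entries.append((ip, int(port), proto, keyfile))
    return entries


def absolutize(value, base_dir):
    """Rewrite relative key paths against base_dir (assumed checkout parent)."""
    out = []
    for ip, port, proto, keyfile in parse_keys_list(value):
        if not os.path.isabs(keyfile):
            keyfile = os.path.normpath(os.path.join(base_dir, keyfile))
        out.append(f"{ip},{port},{proto},{keyfile}")
    return ";".join(out)


def missing_keys(value):
    """Return key paths that do not exist on disk, so a typo is caught early."""
    return [k for _, _, _, k in parse_keys_list(value) if not os.path.isfile(k)]


if __name__ == "__main__":
    full = absolutize(README_VALUE, "/home/user/src")  # assumed location
    print(full)
    print("missing:", missing_keys(full))
```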

This capture contains everything that was exchanged by the peer since it booted up.
The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.

Here is the detail of what you can see in the capture, if the deciphering
works as expected, in chronological order:

-----------------------------------------------------------------------------
 Frames  | Comments
-----------------------------------------------------------------------------
 1-24    | Peer booting up: DHCP, NTP, ...
         |
 25-29   | Connection attempt from 192.168.103.10
         |   first attempt on SCTP (frames 26-27)
         |   then on TCP (frames 28-29)
         |
 32-35   | freeDiameter starting: Diameter Identities
         |   from the peer's configuration file are
         |   DNS resolved.
         |
 36-39   | SCTP connection to 192.168.103.10
         |
 40-45   | Failed attempt to connect to 192.168.103.30
         |   where freeDiameter was not started.
         |
 46-49   | (I think this is triggered by Debug output,
         |   I have to check)
         |
 50-73   | TLS handshake on first stream pair (#0).
         |
 74-90   | Resumed handshakes on streams #1 and #2 in parallel.
         |   (not sure where to find that it is resumed,
         |   except that certificates are not re-exchanged)
         |
 91-92   | CER/CEA exchange.
 93-96   | DWR/DWA exchange.
         |
 103-118 | SCTP heartbeats are exchanged more frequently than DWR/DWA.
         |
 119-124 | Concurrent DWR/DWA (it happens sometimes)
         |
 125-128 | Another failed attempt to 192.168.103.30 (cf. frames 40-45)
         |
 137-140 | DPR/DPA exchange.
         |
 141-153 | TLS clean shutdown on all streams in parallel.
         |
 154-157 | SCTP association is closed.
-----------------------------------------------------------------------------