Initial commit
Change-Id: I6a4444e3c193dae437cd7929f4c39aba7b749efa
diff --git a/contrib/wireshark/sample/192.168.103.10.priv.pem b/contrib/wireshark/sample/192.168.103.10.priv.pem
new file mode 100644
index 0000000..9da15dd
--- /dev/null
+++ b/contrib/wireshark/sample/192.168.103.10.priv.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
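Review bot: this adds an RSA private key to the tree under contrib/wireshark/sample/, and nothing in the file name or path marks it as a throwaway. The README in this same commit says the keys exist to decode the sample capture, so consider stating there that they were generated for this capture only and must never be installed on a peer. That keeps anyone from copying the file into a working freeDiameter configuration.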
diff --git a/contrib/wireshark/sample/192.168.103.20.priv.pem b/contrib/wireshark/sample/192.168.103.20.priv.pem
new file mode 100644
index 0000000..9f69f7a
--- /dev/null
+++ b/contrib/wireshark/sample/192.168.103.20.priv.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
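Review bot: the file name ties this key to 192.168.103.20, which the README identifies as relay.a.rt.freediameter.net. Please confirm that the key pair was created only for this capture and is not used by that Diameter identity anywhere else, since once the key is published any TLS session relying on it can no longer be considered confidential or authenticated.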
diff --git a/contrib/wireshark/sample/README b/contrib/wireshark/sample/README
new file mode 100644
index 0000000..c75cfa1
--- /dev/null
+++ b/contrib/wireshark/sample/README
@@ -0,0 +1,56 @@
+This folder contains an example capture file, as well as the two
+private keys required to decode the TLS-protected exchanges.
+
+In order to decrypt properly the packets, you'll need a patched wireshark (see parent directory)
+and the SSL "RSA Private Keys" properties set to (replace with real full path):
+ 192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem
+
+
+This capture contains everything that was exchanged by the peer since it boot up.
+The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.
+
+Here is the detail of what you can see in the capture, if the decyphering
+works as expected, in chronological order:
+
+-----------------------------------------------------------------------------
+Frames | Comments
+-----------------------------------------------------------------------------
+1-24 | Peer booting up: DHCP, NTP, ...
+ |
+25-29 | Connection attempt from 192.168.103.10
+ | first attempt on SCTP (frames 26-27)
+ | then on TCP (frames 28-29)
+ |
+32-35 | freeDiameter starting: Diameter Identities
+ | from the peer's configuration file are
+ | DNS resolved.
+ |
+36-39 | SCTP connection to 192.168.103.10
+ |
+40-45 | Failed attempt to connect to 192.168.103.30
+ | where freeDiameter was not started.
+ |
+46-49 | (I think this is trigged by Debug output,
+ | I have to check)
+ |
+50-73 | TLS handshake on first stream pair (#0).
+ |
+74-90 | Resumed handshakes on streams #1 and #2 in parallel.
+ | (not sure where to find that it is resumed,
+ | except that certificates are not re-exchanged)
+ |
+91-92 | CER/CEA exchange.
+93-96 | DWR/DWA exchange.
+ |
+103-118 | SCTP heartbeats are exchanged more frequently than DWR/DWA.
+ |
+119-124 | Concurrent DWR/DWA (it happens sometimes)
+ |
+125-128 | Another failed attempt to 192.168.103.30 (cf. frames 40-45)
+ |
+137-140 | DPR/DPA exchange.
+ |
+141-153 | TLS clean shutdown on all streams in parallel.
+ |
+154-157 | SCTP association is closed.
+-----------------------------------------------------------------------------
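Review bot: the decryption instructions at the top of the README do not say which TLS key exchange the capture uses. Wireshark can recover the session keys from an RSA private key only when the handshake uses RSA key exchange; with a DHE or ECDHE suite the entries in the "RSA Private Keys" setting decrypt nothing. A line naming the cipher suite negotiated in frames 50-73 would make the requirement explicit. Separately, the rows for frames 46-49 ("I have to check") and 74-90 ("not sure where to find that it is resumed") still carry open questions, and frames 30-31, 97-102 and 129-136 are missing from the table.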
diff --git a/contrib/wireshark/sample/capture.cap b/contrib/wireshark/sample/capture.cap
new file mode 100644
index 0000000..a680590
--- /dev/null
+++ b/contrib/wireshark/sample/capture.cap
Binary files differ
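Review bot: capture.cap is binary, so its contents cannot be reviewed from the diff, and according to the README it holds everything the peer exchanged since boot (DHCP, NTP, DNS resolution), not only the Diameter session. Please confirm the trace was taken on an isolated lab network and contains no addresses, host names or payloads from other systems. With both private keys committed alongside it, the TLS-protected part of the trace is readable by anyone who checks out the repository.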