commit 13d9601bf947af3286764506368fc3d04672bfde
author Brian Waters <brian@wkwflp.org> Fri Dec 08 16:53:31 2017 -0600
committer Brian Waters <brian@wkwflp.org> Fri Dec 08 16:53:31 2017 -0600
tree 86a9f2789fb7ed5d5cacf445a0dbb8f89aeeefbf
parent ae44c93f2411149d34a422c50cf94c941c19993f

Initial commit

Change-Id: I6a4444e3c193dae437cd7929f4c39aba7b749efa

contrib/wireshark/sample/README

diff --git a/contrib/wireshark/sample/README b/contrib/wireshark/sample/README
new file mode 100644
index 0000000..c75cfa1
--- /dev/null
+++ b/contrib/wireshark/sample/README
@@ -0,0 +1,56 @@
+This folder contains an example capture file, as well as the two
+private keys required to decode the TLS-protected exchanges.
+
+In order to decrypt properly the packets, you'll need a patched wireshark (see parent directory)
+and the SSL "RSA Private Keys" properties set to (replace with real full path):
+  192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem
+
+
+This capture contains everything that was exchanged by the peer since it boot up.
+The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.
+
+Here is the detail of what you can see in the capture, if the decyphering 
+works as expected, in chronological order:
+
+-----------------------------------------------------------------------------
+Frames		| Comments
+-----------------------------------------------------------------------------
+1-24		| Peer booting up: DHCP, NTP, ...
+		|
+25-29		| Connection attempt from 192.168.103.10
+		|   first attempt on SCTP (frames 26-27)
+		|   then on TCP (frames 28-29)
+		|
+32-35		| freeDiameter starting: Diameter Identities
+		|   from the peer's configuration file are
+		|   DNS resolved.
+		|
+36-39		| SCTP connection to 192.168.103.10
+		|
+40-45		| Failed attempt to connect to 192.168.103.30
+		|   where freeDiameter was not started.
+		|
+46-49		| (I think this is trigged by Debug output, 
+		|   I have to check)
+		|
+50-73		| TLS handshake on first stream pair (#0).
+		|
+74-90		| Resumed handshakes on streams #1 and #2 in parallel.
+		|   (not sure where to find that it is resumed,
+		|    except that certificates are not re-exchanged)
+		|
+91-92		| CER/CEA exchange.
+93-96		| DWR/DWA exchange.
+		|
+103-118		| SCTP heartbeats are exchanged more frequently than DWR/DWA.
+		|
+119-124		| Concurrent DWR/DWA (it happens sometimes)
+		|
+125-128		| Another failed attempt to 192.168.103.30 (cf. frames 40-45)
+		|
+137-140		| DPR/DPA exchange.
+		|
+141-153		| TLS clean shutdown on all streams in parallel.
+		|
+154-157		| SCTP association is closed.
+-----------------------------------------------------------------------------