Last changed by Brian Waters, 2017-12-08 16:53:31 -0600 (commit 13d9601)

 --------
 FOREWORD
 --------

The patch in this folder allows Wireshark to process packets that contain TLS-protected
Diameter messages over SCTP multi-stream associations. Each SCTP stream pair is handled
as a separate TLS channel (RFC3436), which is consistent with the freeDiameter 1.0.x mechanism.

It should be noted however that rfc3588bis (revised Diameter) recommends that DTLS is used
instead of TLS over SCTP, for the reasons highlighted in the introduction of RFC6083.
When this new mechanism is implemented in freeDiameter, a different patch will probably
be required for wireshark.


The instructions in this file will change your wireshark binary in a way suitable for
analysis of Diameter over TLS over SCTP, but may have unexpected side-effects
on the analysis of some other protocols (including DTLS).

The instructions refer to Debian-style packaging (apt); you should adapt
the process to build a new modified package of wireshark for your distribution.

The provided patch has been successfully tested with:
 - wireshark-1.2.7 (Ubuntu Lucid)
 - wireshark-1.2.11 (Ubuntu Maverick)
It may or may not work on more recent or older versions.


 ------------
 INSTRUCTIONS
 ------------

The steps are:
 - get your wireshark source
     apt-get source wireshark
     cd wireshark-1.2.*

 - apply the patch
     cat ~/wireshark-1.2.7-diameter-tls.patch | patch -p1

 - increase the version number
     dch -lfD "Added support for Diameter over TLS over SCTP"

 - Create a new package; this might take a while
     fakeroot debian/rules binary

 - Install the modified version
     sudo dpkg --install ../wireshark-common_*fD*.deb ../wireshark_*fD*.deb

 - Start the new wireshark:
     wireshark &
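The same build procedure wrapped in a script is given below as an added example; it is not part of the contrib folder or of the freeDiameter project. It runs the steps above in order, but first checks that the required tools are installed and that the patch applies cleanly (patch --dry-run) before the source tree is modified, so a version mismatch with the patch is caught early. The script name and the patch path argument are assumptions; dch, fakeroot and dpkg come from the usual Debian devscripts, fakeroot and dpkg packages.

```shell
#!/bin/sh
# Added example (not part of the freeDiameter contrib patch): the Debian
# build steps from the INSTRUCTIONS section with prerequisite and dry-run
# checks. Usage (assumed): ./build-diameter-tls-wireshark.sh ~/wireshark-1.2.7-diameter-tls.patch
set -e

# Return 0 if every named tool is on PATH; otherwise list the missing ones
# on stderr and return 1.
require_tools() {
    missing=""
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || missing="$missing $tool"
    done
    if [ -n "$missing" ]; then
        echo "missing tools:$missing" >&2
        return 1
    fi
    return 0
}

# Check that a -p1 patch applies to the current directory without changing
# anything (patch --dry-run). Returns patch's own exit status.
patch_applies() {
    patch -p1 --dry-run --silent < "$1" >/dev/null 2>&1
}

# The steps from the INSTRUCTIONS section, aborting at the first failure
# (set -e). The "fD" local version suffix added by dch -lfD is what makes
# the resulting .deb files match ../wireshark*_*fD*.deb.
build_patched_wireshark() {
    patchfile=$(readlink -f "$1")
    require_tools apt-get patch dch fakeroot dpkg
    apt-get source wireshark
    cd wireshark-1.2.*
    patch_applies "$patchfile" || {
        echo "patch does not apply cleanly to this source tree" >&2
        return 1
    }
    patch -p1 < "$patchfile"
    dch -lfD "Added support for Diameter over TLS over SCTP"
    fakeroot debian/rules binary
    sudo dpkg --install ../wireshark-common_*fD*.deb ../wireshark_*fD*.deb
}

# Only build when a patch path is given, so the functions can also be sourced.
if [ "$#" -eq 1 ]; then
    build_patched_wireshark "$1"
fi
```

Running the dry-run first matters because `patch -p1` with a partially applicable patch leaves `.rej` files scattered in the tree, and the package would then build from a half-patched source.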
51
52To analyze a capture file, you will need the private keys of both peers involved.
53
54Let's imagine for example:
55 peer A with IP address 192.168.0.10 has private key privA.pem
56 peer B with IP address 192.168.0.11 has private key privB.pem
57
58In wireshark you must do the following:
59 - go to menu Edit->Preferences
60 - In the left panel, under Protocols, scroll to "SSL" and select it.
61 - In the right panel, fill "RSA keys list" as follow:
62 192.168.0.10,3869,diameter,/absolute/path/to/privA.pem;192.168.0.11,3869,diameter,/absolute/path/to/privB.pem
63 - You may find also useful to select an SSL debug file to get a hint of any problem.
64
65Once this configuration is complete, you should be able to see the contents of SCTP packets,
66including protected Diameter payload.
67
68Check the "sample" subdirectory for a test capture file.