Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600

This folder contains an example capture file, as well as the two
private keys required to decode the TLS-protected exchanges.

In order to decrypt the packets properly, you'll need a patched wireshark (see parent directory)
and the SSL "RSA Private Keys" properties set to (replace with real full path):
192.168.103.10,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.10.priv.pem;192.168.103.20,3869,diameter,freeDiameter/contrib/wireshark/sample/192.168.103.20.priv.pem
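As an added example (not part of freeDiameter's sample files), the Python helper below builds the "ip,port,protocol,keyfile" preference string in the format shown above from a list of entries, checks each field before it is pasted into Wireshark, and reports key files that are not present at the given path. The SAMPLE_ROOT directory is a constructed placeholder for the real full path. One caveat worth keeping in mind: a peer's RSA private key can only decrypt sessions that were negotiated with RSA key exchange; sessions using a forward-secret (DHE/ECDHE) suite need the session keys themselves.

```python
"""Build and sanity-check a Wireshark "RSA Private Keys" preference string.

Added example, not part of the freeDiameter sample README.  Entry format is
ip,port,protocol,keyfile with entries joined by ';'.  SAMPLE_ROOT below is a
constructed placeholder path.
"""
import ipaddress
import os
from typing import Iterable, List, Tuple

KeyEntry = Tuple[str, int, str, str]  # (ip, port, protocol, key_path)


def format_rsa_keys(entries: Iterable[KeyEntry]) -> str:
    """Join entries into the 'ip,port,proto,path;...' string Wireshark expects."""
    parts = []
    for ip, port, proto, path in entries:
        # Validate every field first: a malformed entry silently disables
        # decryption for that peer instead of producing an obvious error.
        ipaddress.ip_address(ip)  # raises ValueError on a bad address
        if not 0 < port < 65536:
            raise ValueError(f"port out of range: {port}")
        if not proto.isalnum():
            raise ValueError(f"unexpected protocol name: {proto!r}")
        if ";" in path or "," in path:
            raise ValueError(f"path must not contain ';' or ',': {path}")
        parts.append(f"{ip},{port},{proto},{path}")
    return ";".join(parts)


def parse_rsa_keys(pref: str) -> List[KeyEntry]:
    """Inverse of format_rsa_keys: split a preference string back into entries."""
    entries: List[KeyEntry] = []
    for item in filter(None, pref.split(";")):
        ip, port, proto, path = item.split(",", 3)
        entries.append((ip, int(port), proto, path))
    return entries


def missing_key_files(entries: Iterable[KeyEntry]) -> List[str]:
    """Return the key paths that do not exist on disk (Wireshark needs full paths)."""
    return [path for _, _, _, path in entries if not os.path.isfile(path)]


def looks_like_pem_private_key(head: bytes) -> bool:
    """Cheap check on the first bytes of a key file: PEM private-key header present."""
    first_line = head.split(b"\n", 1)[0].strip()
    return first_line.startswith(b"-----BEGIN ") and first_line.endswith(b"PRIVATE KEY-----")


def key_file_is_pem_private_key(path: str) -> bool:
    """Read the start of a key file and apply looks_like_pem_private_key to it."""
    with open(path, "rb") as fh:
        return looks_like_pem_private_key(fh.read(128))


SAMPLE_ROOT = "/path/to/freeDiameter/contrib/wireshark/sample"  # constructed placeholder
SAMPLE_ENTRIES: List[KeyEntry] = [
    ("192.168.103.10", 3869, "diameter", f"{SAMPLE_ROOT}/192.168.103.10.priv.pem"),
    ("192.168.103.20", 3869, "diameter", f"{SAMPLE_ROOT}/192.168.103.20.priv.pem"),
]

if __name__ == "__main__":
    print(format_rsa_keys(SAMPLE_ENTRIES))
    for missing in missing_key_files(SAMPLE_ENTRIES):
        print("missing key file:", missing)
```

Running the script prints the preference string ready to paste into the Wireshark dialog and lists any key file whose path does not resolve, which is the usual reason the capture stays undecoded.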


This capture contains everything that was exchanged by the peer since it booted up.
The captured peer is "relay.a.rt.freediameter.net" with IP address 192.168.103.20.

Here is the detail of what you can see in the capture, if the deciphering
works as expected, in chronological order:

-----------------------------------------------------------------------------
Frames  | Comments
-----------------------------------------------------------------------------
1-24    | Peer booting up: DHCP, NTP, ...
        |
25-29   | Connection attempt from 192.168.103.10
        | first attempt on SCTP (frames 26-27)
        | then on TCP (frames 28-29)
        |
32-35   | freeDiameter starting: Diameter Identities
        | from the peer's configuration file are
        | DNS resolved.
        |
36-39   | SCTP connection to 192.168.103.10
        |
40-45   | Failed attempt to connect to 192.168.103.30
        | where freeDiameter was not started.
        |
46-49   | (I think this is triggered by Debug output,
        | I have to check)
        |
50-73   | TLS handshake on first stream pair (#0).
        |
74-90   | Resumed handshakes on streams #1 and #2 in parallel.
        | (not sure where to find that it is resumed,
        | except that certificates are not re-exchanged)
        |
91-92   | CER/CEA exchange.
93-96   | DWR/DWA exchange.
        |
103-118 | SCTP heartbeats are exchanged more frequently than DWR/DWA.
        |
119-124 | Concurrent DWR/DWA (it happens sometimes)
        |
125-128 | Another failed attempt to 192.168.103.30 (cf. frames 40-45)
        |
137-140 | DPR/DPA exchange.
        |
141-153 | TLS clean shutdown on all streams in parallel.
        |
154-157 | SCTP association is closed.
-----------------------------------------------------------------------------