Wireshark - dissecting OpenVPN traffic

[Ketchup]

Hey everyone,

I figured I would post another question that I have been stumped on.  I have a packet capture of an SSL VPN session.  The SSL VPN is basically a slightly modified implementation of OpenVPN over TCP.   

I am working in Wireshark to try to dissect and decode the captured data.  I have the private key files used for the key exchange.  I am working now to retrieve the session key (which seem to change every few KB). I am just missing a dissector for OpenVPN.  It looks like the Wireshark team has had requests for one.  Has anyone successfully been able to decode OpenVPN traffic in Wireshark? 

[mnlhfr]

i just submitted a openvpn dissector to the wireshark project a few days ago:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8240

maybe this helps

[Ketchup]

Wow, this is exactly what I needed

[Ketchup]

I just wanted to let you know that the packet-openvpn.c is already in the svn tree.  I was able to compile wireshark in Linux (haven't tried on Windows).   I was able to detect and dissect the OpenVPN packets in my capture without many issues.  I love that you provided an option to change the port assignments for the protocol, since mine runs over a non-standard TCP port. 

My only issue is that some of the SSL / TLS key negotiation gets lost.  That's easily remedied by switching the decoding to SSL though. 

Thank you for the great work on this!