Turning GSKSRVR Traces to Wireshark PCAP

To diagnose certain kinds of SSL problems in applications which use System SSL on IBM® z/OS® (such as Sterling Connect:Direct®), GSKSRVR traces must be used. Event trace records for System SSL look like this:

     C01        MESSAGE    00000001   20:43:46.694762   SSL_ENTRY
       Job TCP341     Process 00020032    Thread 00000004   gsk_secure_socket_read
       Handle 7E828198,  Size 1

     C01        MESSAGE    00000008  20:43:46.695013    SSL_INFO
       Job TCP341     Process 00020032    Thread 00000004   gsk_read_v3_record
       Calling read routine for 5 bytes

     C01        MESSAGE    00000004  20:43:46.695317    SSL_ERROR
       Job TCP341     Process 00020032    Thread 00000004   gsk_read_v3_record
       Socket closed by 192.168.50.80.1472.

When might you have to use System SSL GSKSRVR traces? If you have an SSL handshake problem, for example, you might have to take such a trace.
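As an added example (not code from Inside Products or from the original page), the sketch below parses records in the three-line layout of the excerpt above and pairs each SSL_ERROR with the record that preceded it on the same job, process and thread. The layout is assumed from that excerpt alone, the field names (including `code` for the eight-digit field, whose meaning the page does not state) are this example's own, and the sample input is the excerpt's three records.

```python
import re

# Line layouts assumed from the trace excerpt on this page.
HEADER = re.compile(r"^\s*(?P<component>\S+)\s+MESSAGE\s+(?P<code>[0-9A-Fa-f]{8})\s+"
                    r"(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<kind>SSL_\w+)\s*$")
DETAIL = re.compile(r"^\s*Job\s+(?P<job>\S+)\s+Process\s+(?P<process>\S+)\s+"
                    r"Thread\s+(?P<thread>\S+)\s+(?P<function>\S+)\s*$")

def parse_trace(text):
    """Group trace lines into one dict per record; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        header = HEADER.match(line)
        detail = DETAIL.match(line)
        if header:
            records.append({**header.groupdict(), "text": []})
        elif not records:
            continue  # preamble before the first record header
        elif detail and "job" not in records[-1]:
            records[-1].update(detail.groupdict())
        else:
            records[-1]["text"].append(line.strip())
    return records

def errors_with_context(records):
    """Pair each SSL_ERROR with the preceding record on the same job/process/thread."""
    last_seen, findings = {}, []
    for rec in records:
        key = (rec.get("job"), rec.get("process"), rec.get("thread"))
        if rec["kind"] == "SSL_ERROR":
            findings.append((rec, last_seen.get(key)))
        last_seen[key] = rec
    return findings

# Sample input: the three records from the excerpt above.
SAMPLE = """\
C01        MESSAGE    00000001   20:43:46.694762   SSL_ENTRY
  Job TCP341     Process 00020032    Thread 00000004   gsk_secure_socket_read
  Handle 7E828198,  Size 1
C01        MESSAGE    00000008  20:43:46.695013    SSL_INFO
  Job TCP341     Process 00020032    Thread 00000004   gsk_read_v3_record
  Calling read routine for 5 bytes
C01        MESSAGE    00000004  20:43:46.695317    SSL_ERROR
  Job TCP341     Process 00020032    Thread 00000004   gsk_read_v3_record
  Socket closed by 192.168.50.80.1472.
"""
```

Calling `errors_with_context(parse_trace(SAMPLE))` returns the `Socket closed by` record together with the `Calling read routine for 5 bytes` record that preceded it on the same thread.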

Inside Products can make finding and analyzing SSL handshake problems in GSKSRVR traces much easier.  How? By translating GSKSRVR traces into PCAP format.  Then you can read the PCAP file in Wireshark.  And, of course, you can import the PCAP file into SSL Problem Finder.

You might ask: can’t I just take a packet trace on the wire to create a Wireshark PCAP file? In certain cases you can’t, because some applications which use GSKSRVR use a proprietary format for packaging the SSL packets, so you can’t see the handshake!

Tools such as Wireshark cannot decode the packet as SSL. But, the SSL information IS in the packet. So, how can you extract it? Use SSL Trace Translator from Inside Products!

SSL Trace Translator from Inside Products will:

  1. Import a file of the System SSL GSKSRVR trace, printed via IPCS
  2. Produce a Wireshark PCAP of the SSL handshake

Many problems can be solved using Wireshark. The best solution, of course, is to convert the GSKSRVR trace to Wireshark PCAP and then feed it into SSL Problem Finder!

 

Sterling Commerce is an IBM Company

Connect:Direct® and z/OS® are registered trademarks of IBM