Turning GSKSRVR Traces to Wireshark PCAP
To diagnose certain kinds of SSL problems in applications that use System SSL on IBM® z/OS® (such as Sterling Connect:Direct®), you must use GSKSRVR traces. System SSL event trace records look like this:
    C01 MESSAGE 00000001 20:43:46.694762 SSL_ENTRY
      Job TCP341 Process 00020032 Thread 00000004 gsk_secure_socket_read
      Handle 7E828198, Size 1
    C01 MESSAGE 00000008 20:43:46.695013 SSL_INFO
      Job TCP341 Process 00020032 Thread 00000004 gsk_read_v3_record
      Calling read routine for 5 bytes
    C01 MESSAGE 00000004 20:43:46.695317 SSL_ERROR
      Job TCP341 Process 00020032 Thread 00000004 gsk_read_v3_record
      Socket closed by 192.168.50.80.1472.
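A triage helper for records like the ones above, as an added example that is not part of the original page or of any Inside Products tool: it parses the printed records and returns each SSL_ERROR together with the preceding records from the same job, process and thread. The three-lines-per-record layout and the function names `parse_trace` and `errors_with_context` are assumptions.

```python
import re

# Records copied from the excerpt on this page; the three-lines-per-record
# layout (header, Job/Process/Thread line, detail) is an assumption.
SAMPLE = """\
C01 MESSAGE 00000001 20:43:46.694762 SSL_ENTRY
  Job TCP341 Process 00020032 Thread 00000004 gsk_secure_socket_read
  Handle 7E828198, Size 1
C01 MESSAGE 00000008 20:43:46.695013 SSL_INFO
  Job TCP341 Process 00020032 Thread 00000004 gsk_read_v3_record
  Calling read routine for 5 bytes
C01 MESSAGE 00000004 20:43:46.695317 SSL_ERROR
  Job TCP341 Process 00020032 Thread 00000004 gsk_read_v3_record
  Socket closed by 192.168.50.80.1472.
"""

HEADER = re.compile(r"^\s*\S+\s+MESSAGE\s+[0-9A-F]{8}\s+(?P<time>[\d:.]+)\s+(?P<level>SSL_\w+)\s*$")
CONTEXT = re.compile(r"^\s*Job\s+(?P<job>\S+)\s+Process\s+(?P<process>\S+)"
                     r"\s+Thread\s+(?P<thread>\S+)\s+(?P<function>\S+)\s*$")

def parse_trace(text):
    """Group header, context and detail lines into one dict per record."""
    records = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            records.append({**m.groupdict(), "function": "", "detail": ""})
        elif not records or not line.strip():
            continue  # banner text before the first record, or a blank line
        elif (m := CONTEXT.match(line)) and not records[-1]["function"]:
            records[-1].update(m.groupdict())
        else:  # any other line is detail text for the current record
            rec = records[-1]
            rec["detail"] = (rec["detail"] + " " + line.strip()).strip()
    return records

def errors_with_context(records, before=2):
    """Return each SSL_ERROR with up to `before` earlier records from its thread."""
    hits = []
    for i, rec in enumerate(records):
        if rec["level"] != "SSL_ERROR":
            continue
        key = (rec.get("job"), rec.get("process"), rec.get("thread"))
        prior = [r for r in records[:i]
                 if (r.get("job"), r.get("process"), r.get("thread")) == key]
        hits.append({"error": rec, "prior": prior[-before:]})
    return hits

if __name__ == "__main__":
    for hit in errors_with_context(parse_trace(SAMPLE)):
        print(hit["error"]["time"], hit["error"]["detail"], [p["function"] for p in hit["prior"]])
```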
When might you have to use System SSL GSKSRVR traces? If you have an SSL handshake problem, for example, you might have to take such a trace.
Inside Products can make finding and analyzing SSL handshake problems in GSKSRVR traces much easier. How? By translating GSKSRVR traces into PCAP format. Then you can read the PCAP file in Wireshark. And, of course, you can import the PCAP file into SSL Problem Finder.
You might ask: can’t I just take a packet trace on the wire to create a Wireshark PCAP file? In certain cases, you can’t, because some applications which use GSKSRVR use a proprietary format for packaging the SSL packets, so you can’t see the handshake!
Tools such as Wireshark cannot decode the packet as SSL. But, the SSL information IS in the packet. So, how can you extract it? Use SSL Trace Translator from Inside Products!
SSL Trace Translator from Inside Products will:
- Import a file of the System SSL GSKSRVR trace, printed via IPCS
- Produce a Wireshark PCAP of the SSL handshake
Many problems can be solved using Wireshark. The best solution, of course, is to convert the GSKSRVR trace to Wireshark PCAP and then feed it into SSL Problem Finder!
Sterling Commerce is an IBM Company
Connect:Direct® and z/OS® are registered trademarks of IBM