 | 1 | initial version |
Do you use a non-default profile in Wireshark, if so, you might need to add -C <profile-name> to your tshark command to have it behave the same as Wireshark.
Without specifying a profile I would add -o tcp.desegment_tcp_streams:TRUE to your command to make sure TCP allows reassembly by the TLS dissector.
Does either of these suggestions make WSS decryption work for you with tshark?
