1 | initial version |
Do you use a non-default profile in Wireshark, if so, you might need to add -C <profile-name>
to your tshark command to have it behave the same as Wireshark.
Without specifying a profile I would add -o tcp.desegment_tcp_streams:TRUE
to your command to make sure TCP allows reassembly by the TLS dissector.
Does either of these suggestions make WSS decryption work for you with tshark?