Ask Your Question

Revision history [back]

Yes it can be used with tshark. Either set the path to the keylogfile in a profile and use that profile with tshark (-C option) or pass the path as a configuration option with -o tls.keylog_file:path\to\keylog.

The secrets from the file are associated with the TLS handshakes to generate the keys required for decryption.

The code is built for use by dissectors within the Wireshark framework, it might be some effort to extract it for use elsewhere.