 | 1 | initial version |
You should not try to access the decrypted data via a field, but ensure that dissectors call each other.
Register your protocol with the tls.port dissector table. This ensures that the TLS dissector is called when that TCP port is encountered, and ensures that your protocol is called for the decrypted payload.
Alternatively, register a heuristics dissector for the tls heuristics dissector table. From there, you could try to detect whether the data matches your protocol. I would suggest the former approach if possible.
Finally, if your protocol has an ALPN registration, register your protocol with the tls.alpn dissector table.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
