 | 1 | initial version |
Actually, even know my data is not http, I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r etsi232_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"
| | 2 | No.2 Revision |
Actually, even know my data is not http, I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r etsi232_ssl.pcap example_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"
| | 3 | No.3 Revision |
Actually, even know though my data is not http, http (actually ASN.1 BER), I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r example_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"
