Breaking this into "TLS keys" and "how to follow".
TLS background info: Sharkfest '19
09: Debugging TLS issues with Wireshark by Peter Wu / Presentation Video (1:10:44)
Peter's slides available here Debugging TLS issues with Wireshark.
Also check the Wireshark wiki page for TLS.
Sections for Embedding decryption secrets in a pcapng file and Preference Settings (hint: tls.keylog_file)
The tshark man page documents the follow option:
-z follow,prot,mode,filter[,range]
    Displays the contents of a TCP or UDP stream between two nodes. The data sent by the second node is prefixed with a tab to differentiate it from the data sent by the first node.

    prot specifies the transport protocol. It can be one of:
        tcp     TCP
        udp     UDP
        tls     TLS or SSL
        http    HTTP streams
        http2   HTTP/2 streams
        quic    QUIC streams
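Putting the two halves together (key log preference plus the follow option), as an added example that is not part of the original answer: the function names are hypothetical, and capture.pcapng, keys.log and stream index 0 are placeholders for your own files and stream.

```shell
#!/bin/sh
# Added example: decrypt TLS with a key log file and follow one stream.
# Function names and default values are assumptions made for illustration.

# Accept only the transport protocols listed in the man page excerpt above.
valid_prot() {
    case "$1" in
        tcp|udp|tls|http|http2|quic) return 0 ;;
        *) return 1 ;;
    esac
}

# follow_cmd PROT CAPTURE KEYLOG [FILTER] [MODE]
# Prints the tshark command line for review; returns 1 on an unknown PROT.
# FILTER is passed to tshark unchanged (for example 0 for the first stream).
follow_cmd() {
    prot=$1 capture=$2 keylog=$3 filter=${4:-0} mode=${5:-ascii}
    valid_prot "$prot" || { echo "unknown prot: $prot" >&2; return 1; }
    # -o sets the tls.keylog_file preference for this run only;
    # -q suppresses the packet listing so only the followed stream is shown.
    printf 'tshark -r %s -o tls.keylog_file:%s -q -z follow,%s,%s,%s\n' \
        "$capture" "$keylog" "$prot" "$mode" "$filter"
}

# run_follow PROT CAPTURE KEYLOG [FILTER] [MODE]
# Same arguments, but checks the inputs and executes tshark.
run_follow() {
    valid_prot "$1" || { echo "unknown prot: $1" >&2; return 1; }
    [ -r "$2" ] || { echo "capture not readable: $2" >&2; return 2; }
    [ -r "$3" ] || { echo "key log not readable: $3" >&2; return 2; }
    command -v tshark >/dev/null 2>&1 || { echo "tshark not found" >&2; return 127; }
    tshark -r "$2" -o "tls.keylog_file:$3" -q -z "follow,$1,${5:-ascii},${4:-0}"
}

# Typical use:
#   run_follow tls capture.pcapng keys.log 0
```

If the follow output is still ciphertext, the key log does not contain secrets for that session; the key log file holds session secrets and should be protected like the plaintext it unlocks.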