Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

answered 2022-04-11 15:57:35 +0000

Chuckc gravatar image

Breaking this into "TLS keys" and "how to follow".
TLS background info: Sharkfest '19

09: Debugging TLS issues with Wireshark by Peter Wu / Presentation Video (1:10:44)

Peter's slides available here Debugging TLS issues with Wireshark.

Also check the Wireshark wiki page for TLS. Sections for Embedding decryption secrets in a pcapng file and Preference Settings (hint: tls.keylog_file)

The tshark man page documents the follow option:

-z follow,prot,mode,filter[,range]
Displays the contents of a TCP or UDP stream between two nodes. The data sent by the second node is prefixed with a tab to differentiate it from the data sent by the first node.

prot specifies the transport protocol. It can be one of:

tcp   TCP
udp   UDP
tls   TLS or SSL
http  HTTP streams
http2 HTTP/2 streams
quic  QUIC streams
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2