How does tshark export decrypted ssl pcap files instead of log files

asked 2020-07-28 03:02:58 +0000

Riy.. gravatar image

I generated the log file after using the following command. Of course, it contains the key information after decryption, but what I want is the decrypted pcap, hope to get your help

tshark -r testssl.pcap -V -x -o "ssl.debug_file:ssldebug.log" -o "ssl.desegment_ssl_records: TURE" -o "ssl.desegment_ssl_application_data: TURE" -o "ssl.keys_list:,443,http,server.key"

edit retag flag offensive close merge delete


(not an answer but related: Bug 14639 - TShark output isn't always usable as text2pcap input
Removing the "-V" and sending the output to text2pcap would be nice but see bug above.

Chuckc gravatar imageChuckc ( 2020-07-28 05:54:23 +0000 )edit
Chuckc gravatar imageChuckc ( 2020-07-28 05:56:55 +0000 )edit