How do I add keys (that I already have) to a packet capture?

asked 2020-07-28 22:04:17 +0000

Tiger123

I have a DTLS file with encryption keys. When I download it, I have two files, the packet capture itself and the key; they come separately. How do I add the keys to the pcap to make a pcapng file on my mac?

1 Answer

answered 2020-07-28 23:41:06 +0000

Chuckc

updated 2020-07-28 23:42:04 +0000


This is on a UN*X, so the command line shouldn't be too painful, although, on macOS, you should install the files that add the Wireshark binary directory to your PATH (they're in one of the sub-packages for the .dmg for newer releases).

And remember not to send the file to anybody you don't want to be able to read the DTLS traffic (and, if you do send it to somebody, make sure they don't forward it).

Guy Harris ( 2020-07-29 05:52:21 +0000 )

How would I install the files that add the Wireshark binary directory? Sorry, I am a bit new to this.

Tiger123 ( 2020-07-29 21:47:08 +0000 )

Installing Wireshark under macOS - "See the included Read me first.html file for more details."

Source adoc file for the Readme
The Quick Setup section shows steps for adding the Extras to your path but will be easier to read if you have the HTML version.

Chuckc ( 2020-07-29 22:03:51 +0000 )

And, in particular, you will need to mount the .dmg you downloaded to install Wireshark. You may have to download it again; you won't need to drag-install Wireshark again, but you will need to double-click the "Add Wireshark to the system path" package to install it.

Guy Harris ( 2020-07-29 23:16:25 +0000 )

Sorry - just now got it - "I am looking only to embed the keys into the pcap file (specifically this DTLS test file) to create one single pcapng file. Right now, the capture and the key come separately."

Try the steps here. It's a two-step process to extract the session keys, then merge them into a new capture file.

(there was a bit of parallel questions - link to the related question)

Chuckc ( 2020-07-30 06:27:48 +0000 )
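The merge step discussed in the comments above, as an added example that is not part of the original thread: it sanity-checks a key log file, embeds it into the capture as a pcapng Decryption Secrets Block with `editcap --inject-secrets`, and strips the secrets again before the capture is shared. The function names and file arguments are placeholders, and it assumes an `editcap` on your PATH that supports `--inject-secrets` and `--discard-all-secrets`.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function and file names are placeholders.

# Succeed only if every non-blank, non-comment line has the form
#   LABEL <client random: 64 hex chars> <secret: hex, even length>
# (assumption: legacy "RSA ..." key log lines are not accepted by this check).
validate_keylog() {
    [ -r "$1" ] || return 1
    awk '
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        NF == 3 && $1 ~ /^[A-Z0-9_]+$/ &&
        $2 ~ /^[0-9A-Fa-f]+$/ && length($2) == 64 &&
        $3 ~ /^[0-9A-Fa-f]+$/ && length($3) % 2 == 0 { ok++; next }
        { bad++ }
        END { exit (ok > 0 && bad == 0) ? 0 : 1 }
    ' "$1"
}

# embed_keys <keylog> <in.pcap> <out.pcapng>
# DTLS sessions use the same key log format as TLS, so the secrets type is "tls".
embed_keys() {
    validate_keylog "$1" || { echo "not a usable key log: $1" >&2; return 1; }
    editcap -F pcapng --inject-secrets "tls,$1" "$2" "$3"
}

# strip_keys <in.pcapng> <out.pcapng>
# Write a copy without embedded secrets, for sharing with people who
# should not be able to decrypt the traffic.
strip_keys() {
    editcap -F pcapng --discard-all-secrets "$1" "$2"
}

# Stand-alone use: script.sh <keylog> <in.pcap> <out.pcapng>
if [ "$#" -eq 3 ]; then
    embed_keys "$@"
fi
```

Opening the resulting pcapng in Wireshark should show the DTLS payload decrypted without any key log preference being set; the copy produced by `strip_keys` should not.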
