Wireshark export PDUs for decrypted TLS data

I have an RDP packet capture. I need to export the application data to another program that requires decrypted PDUs as input. I should be able to do this by:

* opening up Wireshark
* ensuring the PCAP is decrypted
* File -> Export PDUs to File
* selecting OSI 7

I can reproduce with the samples on the Wireshark wiki (https://wiki.wireshark.org/RDP): use SampleCaptures/rdp-ssl.pcap.gz and the associated cert.pem.

If you use this and the latest Wireshark it looks like the Application Data is getting decrypted (decrypted TLS tab) but not going through the TPKT dissector, hence never being parsed and not being marked as layer 7.

Posts elsewhere seem to imply this should work and should be parsed correctly; how can I fix this and get my decrypted data?

Worth saying that in that sample PCAP the CredSSP login stuff is being parsed and does appear in the OSI 7 export, just nothing RDP.
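Added example, not from the post or from Wireshark: if the decrypted application data is obtained some other way (for example via Follow TLS Stream) and needs to be handed to another tool as discrete PDUs, this Python reassembles TPKT-framed PDUs across TCP segment boundaries and strips the X.224 header, and fails fast when the bytes are not TPKT at all (for example still-encrypted TLS records). The sample stream is constructed here, not taken from the wiki capture.

```python
import struct
from typing import List, Tuple

TPKT_VERSION = 3          # RFC 1006 TPKT header: version(1) reserved(1) length(2, big-endian)
TPKT_HEADER_LEN = 4
X224_TPDU_CODES = {0xE0: "CR", 0xD0: "CC", 0xF0: "DT"}  # Connection Request / Confirm / Data


class TpktReassembler:
    """Accumulate decrypted TCP payload chunks and return complete TPKT PDUs."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> List[bytes]:
        self._buf += chunk
        pdus: List[bytes] = []
        while len(self._buf) >= TPKT_HEADER_LEN:
            version, _reserved, length = struct.unpack("!BBH", self._buf[:TPKT_HEADER_LEN])
            if version != TPKT_VERSION or length < TPKT_HEADER_LEN:
                # Not TPKT framing, e.g. still-encrypted TLS records (content type 0x16/0x17)
                raise ValueError(f"not a TPKT header: {bytes(self._buf[:4]).hex()}")
            if len(self._buf) < length:
                break  # PDU continues in a later TCP segment; keep buffering
            pdus.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return pdus


def split_x224(pdu: bytes) -> Tuple[str, bytes]:
    """Strip the TPKT and X.224 headers from one PDU; return (TPDU type, payload)."""
    li = pdu[TPKT_HEADER_LEN]                 # X.224 length indicator: header bytes after LI
    code = pdu[TPKT_HEADER_LEN + 1] & 0xF0    # TPDU code is the high nibble
    name = X224_TPDU_CODES.get(code, f"0x{code:02X}")
    return name, pdu[TPKT_HEADER_LEN + 1 + li:]


def make_tpkt(x224_header: bytes, payload: bytes) -> bytes:
    """Build a TPKT PDU; used here only to construct sample input."""
    total = TPKT_HEADER_LEN + len(x224_header) + len(payload)
    return struct.pack("!BBH", TPKT_VERSION, 0, total) + x224_header + payload


def demo() -> List[Tuple[str, bytes]]:
    """Constructed sample: two X.224 Data TPDUs delivered in three TCP segments."""
    dt_header = b"\x02\xf0\x80"               # LI=2, code DT (0xF0), EOT bit set
    stream = make_tpkt(dt_header, b"hello-rdp-1") + make_tpkt(dt_header, b"hello-rdp-2-longer")
    chunks = [stream[:10], stream[10:20], stream[20:]]  # segment boundaries fall mid-PDU
    reasm = TpktReassembler()
    out: List[Tuple[str, bytes]] = []
    for chunk in chunks:
        out.extend(split_x224(p) for p in reasm.feed(chunk))
    return out
```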