
Follow TLS stream

I have a protocol over USB that I am trying to analyze. Its key characteristics are that it is reliable (bulk transfer) and packet based (there is a clear packet boundary). The first packets contain Client Hello, Server Hello, etc. and they are correctly shown as such in the Wireshark capture list. The next packets contain encrypted Application Data. I also have the private keys of both sides of the conversation (there is mutual certificate auth) and Wireshark does not complain about their format.

Now I would like to decrypt this TLS traffic, so I tried to click on one of the messages and select the "Follow -> TLS Stream" option. I got the message saying "A transport or network layer header is needed."

Now I understand that Wireshark needs some way to find out which packets belong to the same stream, but how do I indicate that to Wireshark in my dissector? How do I say that a given packet belongs to stream 1, for example?