Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Accessing decrypted TLS data in Lua dissector

As I hinted in my TLS 1.3 decrypt question in https://ask.wireshark.org/question/14778/how-to-decrypt-tls-13-psk-sent-by-zabbix/, I've now attempted to decrypt Zabbix TLS traffic in Lua dissector.

In my dissector function (which is registered for 10050/tcp packets in this case), when I know I expect TLS-encrypted data, I can basically call

Dissector.get("tls"):call(tvb, pktinfo, tree)

right away and the decrypted Zabbix data is successfully shown in the "Decrypted TLS" tab (as I have captured and added the relevant session keys in Wireshark), but I don't know how to access that decrypted data in my dissector after that call.

Any hints?

I already searched for a "tls.something" field that would contain the decrypted data, but didn't find one.

Markku