Ask Your Question

Revision history [back]

How does tshark export decrypted ssl pcap files instead of log files

I generated the log file after using the following command. Of course, it contains the key information after decryption, but what I want is the decrypted pcap, hope to get your help

tshark -r testssl.pcap -V -x -o "ssl.debug_file:ssldebug.log" -o "ssl.desegment_ssl_records: TURE" -o "ssl.desegment_ssl_application_data: TURE" -o "ssl.keys_list:,443,http,server.key"