This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark statistics(-z) output with “ssl” filter(-R/-Y)

0

As I mentioned in the title, I want to filter tshark's dests,tree statistics output to show only encrypted (ssl) traffic.

I tried tshark -a duration:30 -Y "ssl" -z dests,tree > output.txt, but that doesn't work as I expected. But from Wireshark (GUI), Statistics > IP Destinations with filter: ssl works just fine.

Are there any ways to do this with tshark or should I consider other tools?

Background: I'm writing a Java application to automatically fetch scheduled tshark command output to show traffic bandwidth and incoming packets by ports per IP. I am absolutely not an expert in this job. If I'm looking for the wrong thing to do my job, you should feel free to offer me better ways.

asked 14 Jul '15, 00:54

xmikro
11225
accept rate: 0%

edited 14 Jul '15, 01:06

It seems to work for me (tshark v1.99.8rc0-411-g89b375f). What exactly is not functioning? Can you see the normal dissection in the tshark output?

(15 Jul '15, 13:11) Lekensteyn