Wireshark-bugs: [Wireshark-bugs] [Bug 3444] Need the ability to export SSL decrypted captures

Date: Wed, 29 Apr 2009 10:00:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3444





--- Comment #3 from Sake <sake@xxxxxxxxxx>  2009-04-29 10:00:11 PDT ---
(In reply to comment #2)
> > $ tshark -o ssl.keys_list:192.168.100.217,443,http,c:\\key.txt -r full.cap -V -c 1 http
> 
> Thank you, that does output the decrypted headers and data in text form and
> definitely gets me 80% of what I need.  

What would be the other 20%?

> Ultimately, I was trying to get the output back into Wireshark for analysis
> using the GUI, and I played with setting output formats so that I could
> re-import the decrypted output from tshark...but no luck.  Any hints?

The libpcap file format does not have the possibility to add extra info into
the tracefile. It's just a bunch of records with a header (timestamp etc) and
packet-data as it was seen on the NIC.

What I usually do is provide the pcap file and the decrypted output, which
kinda provides all info.


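The record layout described in the comment above, as an added example that is not part of the original comment or of Wireshark's code: a minimal reader for the classic libpcap format showing that every byte in the file is either a fixed header field or captured packet data, so there is no slot in which decrypted plaintext could be stored. The function names and the two sample payloads are constructed for illustration, and only little-endian, microsecond-resolution files are handled.

```python
import struct

# Classic libpcap layout: one 24-byte global header, then per-packet records.
# Fields: magic, version_major, version_minor, thiszone, sigfigs, snaplen, linktype
GLOBAL_HDR = struct.Struct("<IHHiIII")
# Fields: ts_sec, ts_usec, incl_len (bytes stored), orig_len (bytes on the wire)
RECORD_HDR = struct.Struct("<IIII")


def build_pcap(packets, linktype=1, snaplen=65535):
    """Serialize (ts_sec, ts_usec, data) tuples as a little-endian pcap blob."""
    out = [GLOBAL_HDR.pack(0xA1B2C3D4, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, data in packets:
        out.append(RECORD_HDR.pack(ts_sec, ts_usec, len(data), len(data)))
        out.append(data)
    return b"".join(out)


def parse_pcap(blob):
    """Return (linktype, records, leftover_bytes) for a little-endian pcap blob."""
    magic, _maj, _min, _zone, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(blob, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    offset, records = GLOBAL_HDR.size, []
    while offset + RECORD_HDR.size <= len(blob):
        ts_sec, ts_usec, incl_len, orig_len = RECORD_HDR.unpack_from(blob, offset)
        start = offset + RECORD_HDR.size
        if start + incl_len > len(blob):
            break  # truncated final record: report it as leftover, do not guess
        records.append({"ts": (ts_sec, ts_usec), "orig_len": orig_len,
                        "data": blob[start:start + incl_len]})
        offset = start + incl_len
    return linktype, records, len(blob) - offset


# Constructed sample: two opaque payloads standing in for captured frames.
SAMPLE = build_pcap([(1241024411, 0, b"\x17\x03\x01\x00\x05AAAAA"),
                     (1241024411, 250, b"\x17\x03\x01\x00\x03BBB")])

if __name__ == "__main__":
    linktype, records, leftover = parse_pcap(SAMPLE)
    accounted = GLOBAL_HDR.size + sum(RECORD_HDR.size + len(r["data"]) for r in records)
    # Headers plus packet bytes account for the whole file; nothing else fits.
    print(f"linktype={linktype} records={len(records)} "
          f"accounted={accounted}/{len(SAMPLE)} leftover={leftover}")
```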