On 9 Sep 2010, at 16:30, James Hozier wrote:
> Here is what I have so far:
> tshark -tad -lnx -d tcp.port==4040,irc -R 'irc'
>
> What should I add in order for it to capture and also decrypt SSL traffic
> as well, with the private server certificate on the machine this is being
> run from?
If traffic on port 4040 is SSL-encrypted IRC traffic, then you would use the following:

tshark -tad -lnx -o ssl.keys_list:<server-ip>,4040,irc,<path-to-private-key> -R irc

You might want to use -V as well to get full protocol decodes, including the decrypted IRC details.

Cheers,
Sake