Wireshark mailing list archives
Re: tshark option to decrypt SSL?
From: Sake Blok <sake () euronet nl>
Date: Thu, 9 Sep 2010 17:14:30 +0200
On 9 sep 2010, at 16:30, James Hozier wrote:

> Here is what I have so far:
>
>     tshark -tad -lnx -d tcp.port==4040,irc -R 'irc'
>
> What should I add in order for it to capture and also decrypt SSL traffic as well, with the private server certificate on the machine this is being run from?

If traffic on port 4040 is SSL encrypted IRC traffic, then you would use the following:

    tshark -tad -lnx -o ssl.keys_list:<server-ip>,4040,irc,<path-to-private-key> -R irc

You might want to use -V as well to get full protocol decodes, including the decrypted irc details.

Cheers,
Sake
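An added example, not part of the reply above and not Wireshark's own code: a preflight wrapper that validates the four `ssl.keys_list` fields from the command in the reply before they are handed to tshark. The function names, the sample address, and the rules that the key must be an unencrypted PEM file accessible only to its owner are assumptions of this example.

```shell
# Added example: validate the ssl.keys_list fields before running tshark.
# check_key and keys_list_opt are hypothetical helper names.

# Succeed only if $1 is a readable, unencrypted PEM private key with no
# group/other permission bits set (assumptions of this example).
check_key() {
    k=$1
    [ -r "$k" ] || { echo "key not readable: $k" >&2; return 1; }
    if grep -q -e 'Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$k"; then
        echo "key is passphrase-protected: $k" >&2; return 1
    fi
    if ! grep -Eq -e '-----BEGIN (RSA )?PRIVATE KEY-----' "$k"; then
        echo "not a PEM private key: $k" >&2; return 1
    fi
    perms=$(ls -ld "$k")
    case "$perms" in
        ????------*) ;;   # mode string like -rw-------
        *) echo "key is accessible to group/other: $k" >&2; return 1 ;;
    esac
}

# Print "ssl.keys_list:<ip>,<port>,<protocol>,<key>" for use with -o,
# or fail with a message on stderr.
keys_list_opt() {
    ip=$1 port=$2 proto=$3 key=$4
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "port out of range: $port" >&2; return 1; }
    # The preference value is comma-separated, so no field may hold a comma.
    case "$ip$proto$key" in
        *,*) echo "fields must not contain commas" >&2; return 1 ;;
    esac
    check_key "$key" || return 1
    printf 'ssl.keys_list:%s,%s,%s,%s\n' "$ip" "$port" "$proto" "$key"
}

# Usage (constructed address and path, same tshark flags as in the reply):
#   opt=$(keys_list_opt 192.0.2.10 4040 irc /path/to/server.key) &&
#       tshark -tad -lnx -o "$opt" -R irc
```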