Wireshark mailing list archives

Decrypting SSL traffic through tshark


From: Sahaj <sahaj85 () gmail com>
Date: Thu, 11 Nov 2010 12:04:20 +0530

Hi All,

I am new to Wireshark.

I need to decrypt SSL traffic to get content length.

./tshark   -o "ssl.keys_list:,443,http,client.ky" -T fields -E separator=":"
 -e frame.time_relative -e frame.number -e tcp.len -e http.content_length -e
tcp.flags.fin -e tcp.flags.push  -R "ip.src == source_ip && ip.dst ==
destination_ip  && tcp.srcport == 443 && ! (tcp.analysis.out_of_order)  && !
(tcp.analysis.retransmission) "  -r sample.pcap

Here is the result:

2.765700000:35:0::0:0
2.765990000:37:0::0:0
2.925676000:39:0::0:0
2.925967000:41:0::0:0
5.766952000:66:835::0:1
5.767578000:70:0::0:0
5.767648000:71:0::0:0
5.927948000:72:835::0:1
5.928435000:76:0::0:0
5.928609000:77:0::0:0
5.970891000:78:43::0:1
6.131897000:80:43::0:1
6.132293000:83:0::0:0
6.133199000:84:1460::0:0
6.134092000:85:1460::0:0
6.236042000:90:1280::1:1

The field for content length is empty.

Please help me out and let me know if I am missing anything or doing something wrong.

Thanks.

-- 
Regards,
Sahaj
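
Added example, not part of the original post: a Python triage of the colon-separated output above. It separates segments with no TCP payload (which can never carry the field) from segments that carry payload but show no `http.content_length`. The function and bucket names are assumptions; the sample rows are copied from the post.

```python
# Field order matches the -e options in the posted tshark command.
FIELDS = ("time_relative", "frame", "tcp_len", "content_length", "fin", "push")

# Sample rows copied from the output in the post (embedded so this runs offline).
SAMPLE = """\
2.765700000:35:0::0:0
2.765990000:37:0::0:0
2.925676000:39:0::0:0
2.925967000:41:0::0:0
5.766952000:66:835::0:1
5.767578000:70:0::0:0
5.767648000:71:0::0:0
5.927948000:72:835::0:1
5.928435000:76:0::0:0
5.928609000:77:0::0:0
5.970891000:78:43::0:1
6.131897000:80:43::0:1
6.132293000:83:0::0:0
6.133199000:84:1460::0:0
6.134092000:85:1460::0:0
6.236042000:90:1280::1:1
"""

def parse(text, sep=":"):
    """Turn '-T fields -E separator=:' output into a list of dicts."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.strip().split(sep)
        if len(parts) != len(FIELDS):
            raise ValueError(f"line {lineno}: expected {len(FIELDS)} fields, got {len(parts)}")
        rows.append(dict(zip(FIELDS, parts)))
    return rows

def triage(rows):
    """Bucket frame numbers by whether an HTTP Content-Length was dissected."""
    buckets = {"no_payload": [], "payload_no_http": [], "http_seen": []}
    for r in rows:
        if r["content_length"]:
            buckets["http_seen"].append(int(r["frame"]))
        elif int(r["tcp_len"]) > 0:
            buckets["payload_no_http"].append(int(r["frame"]))
        else:
            buckets["no_payload"].append(int(r["frame"]))
    return buckets

if __name__ == "__main__":
    for name, frames in triage(parse(SAMPLE)).items():
        print(f"{name}: {len(frames)} frames {frames}")
```

The `payload_no_http` frames are the ones to inspect: `http.content_length` is populated only on frames where an HTTP header containing Content-Length was dissected.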
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users