Wireshark mailing list archives
Decrypting SSL traffic through tshark
From: Sahaj <sahaj85 () gmail com>
Date: Thu, 11 Nov 2010 12:04:20 +0530
Hi All, I am new to wireshark, I need to decrypt SSL traffic to get content length. ./tshark -o "ssl.keys_list:,443,http,client.ky" -T fields -E separator=":" -e frame.time_relative -e frame.number -e tcp.len -e http.content_length -e tcp.flags.fin -e tcp.flags.push -R "ip.src == source_ip && ip.dst == destination_ip && tcp.srcport == 443 && ! (tcp.analysis.out_of_order) && ! (tcp.analysis.retransmission) " -r sample.pcap here the result is, 2.765700000:35:0::0:0 2.765990000:37:0::0:0 2.925676000:39:0::0:0 2.925967000:41:0::0:0 5.766952000:66:835::0:1 5.767578000:70:0::0:0 5.767648000:71:0::0:0 5.927948000:72:835::0:1 5.928435000:76:0::0:0 5.928609000:77:0::0:0 5.970891000:78:43::0:1 6.131897000:80:43::0:1 6.132293000:83:0::0:0 6.133199000:84:1460::0:0 6.134092000:85:1460::0:0 6.236042000:90:1280::1:1 the field for content length is empty. please help me out and suggest me if i am missing anything or doing wrong. thanks. -- Regards, Sahaj
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Decrypting SSL traffic through tshark Sahaj (Nov 11)
- Re: Decrypting SSL traffic through tshark Sake Blok (Nov 11)
- <Possible follow-ups>
- Re: Decrypting SSL traffic through tshark sahaj pandey (Nov 12)
- Re: Decrypting SSL traffic through tshark sahaj pandey (Nov 12)
- Re: Decrypting SSL traffic through tshark Sake Blok (Nov 12)