This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm using the answer from this question to hex data from SSL traffic, how do I add a capture filter along with this so that I get hex dump of only that hosts' application data. I tried using 'host gateway.push.apple.com' but said that its a capture filter . I need to basically filter for this host and need to get decrypted hex dump of application data alone. Can tshark do that?

asked 23 Jan '15, 13:34

arungeorg81's gravatar image

arungeorg81
1112
accept rate: 0%

converted 23 Jan '15, 14:03

grahamb's gravatar image

grahamb ♦
19.8k330206


Assuming you're using a command line similar to that of the answer to which you attached your question, i.e.

tshark -Vnxr pcap -R (filter) > textfile

Then the -R (filter) part of the answer is for a display filter. For a capture filter use -f (filter), as explained in the tshark help file or the output of tshark -h:

Capture interface:                                                           
  -i <interface>      name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax            
  ...
permanent link

answered 23 Jan '15, 14:07

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×549
×349
×319

question asked: 23 Jan '15, 13:34

question was seen: 1,789 times

last updated: 23 Jan '15, 14:07

p​o​w​e​r​e​d by O​S​Q​A