This is a static archive of our old Q&A Site. Please post any new questions and answers at

Capture filter with SSL hex output from tshark


I'm using the answer from this question to hex data from SSL traffic, how do I add a capture filter along with this so that I get hex dump of only that hosts' application data. I tried using 'host' but said that its a capture filter . I need to basically filter for this host and need to get decrypted hex dump of application data alone. Can tshark do that?

asked 23 Jan '15, 13:34

arungeorg81's gravatar image

accept rate: 0%

converted 23 Jan '15, 14:03

grahamb's gravatar image

grahamb ♦

One Answer:


Assuming you're using a command line similar to that of the answer to which you attached your question, i.e.

tshark -Vnxr pcap -R (filter) > textfile

Then the -R (filter) part of the answer is for a display filter. For a capture filter use -f (filter), as explained in the tshark help file or the output of tshark -h:

Capture interface:                                                           
  -i <interface>      name or idx of interface (def: first non-loopback)
  -f <capture filter>      packet filter in libpcap filter syntax            

answered 23 Jan '15, 14:07

grahamb's gravatar image

grahamb ♦
accept rate: 22%