Hi all: My Wireshark version is 1.12.5. I captured DTLS packets (pre-shared key), and Wireshark is able to show the decrypted payload, but since the payload is another protocol, I'd like to export it into another pcap and use Wireshark to analyze it. I've learned that I could use the "Export PDUs" functionality to do that, as explained here: https://www.wireshark.org/lists/wireshark-users/201407/msg00038.html However, after I select "Export PDUs" with the OSI Layer 7 option, no packets show up. Does anyone know why?
asked 18 Jun '15, 21:20
Wireshark 1.12 can only export deciphered packets for which a sub dissector handle (protocol in preference window) is configured. Presumably you did not fill any in.
Wireshark v1.99.8rc0-121-gcdc7d25 and later now also supports the export of captures using heuristic sub dissectors. It can be downloaded from https://www.wireshark.org/download/automated/
If your payload is for a protocol not currently supported by Wireshark, be sure to configure the "data" dissector as the protocol so as to have the payload exported.
answered 24 Jun '15, 17:27