This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to decrypt ssl traffic with centos TShark 1.10.3 ?

0

link text

i try it on the windows TShark (Wireshark) 1.99.9 (v1.99.9-0-g52a4a78 from master) no wireshark_ssl found and any pem file....

i want on centos decrypt ssl use by tshark.how?

asked 07 Sep '15, 00:57

zhylninc's gravatar image

zhylninc
6112
accept rate: 0%

One Answer:

0

Please take a look at the Wiki:

https://wiki.wireshark.org/SSL#Wireshark

If you search for "tshark", you'll find the following.

# tshark commands
tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list: 127.0.0.1,4443,http,/home/dirkx/xx/privkey.pem" -o "ssl.debug_file: /home/dirkx/.wireshark-log" -i eth0 -R "tcp.port == 4443"

So, if that does not work for you, please post the full tshark command you were running and the full error message printed by tshark.

Regards
Kurt

answered 07 Sep '15, 16:33

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%