This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

tshark: command syntax for decrypting TLS traffic from 2 or more servers

1

Hi everyone,

I'm able to correctly decrypt the TLS traffic from one server by specifying the command option:

-o ssl.keys_list:192.168.10.1,1200,tpkt,"server-key1.pem"

Now I also need to simultaneously decrypt the communication with another server. I made a few tries, but I can't guess the correct syntax for doing this. Using:

-o ssl.keys_list:192.168.10.1,1200,tpkt,"server-key1.pem" -o ssl.keys_list:192.168.10.2,1200,tpkt,"server-key2.pem"

the second command option overwrites the first one, so I'm able to decrypt only the traffic from the second server.

Does anyone know the right syntax?

asked 11 Nov '15, 03:45

theo66

edited 11 Nov '15, 03:46


One Answer:

2

Solution found!

-o "ssl.keys_list:192.168.10.1,1200,tpkt,server-key1.pem;192.168.10.2,1200,tpkt,server-key2.pem"

answered 11 Nov '15, 04:09

theo66

edited 11 Nov '15, 04:22
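
An added example, not part of the original answer or of tshark: a POSIX shell helper that joins any number of `ip,port,protocol,keyfile` entries into the single semicolon-separated, quoted preference value shown in the answer. The function name `build_keys_list`, the `KEYS_PREF` variable and `capture.pcap` are assumptions; it rejects malformed entries and warns when a private key file is accessible to group or other.

```sh
#!/bin/sh
# build_keys_list ENTRY...   (hypothetical helper, not shipped with tshark)
# Each ENTRY is "ip,port,protocol,keyfile", as in the question above.
# Prints "<pref>:<entry1>;<entry2>;..." for use as ONE quoted -o argument.
build_keys_list() (
    # Subshell body: variables stay local and "exit" only leaves the function.
    joined=""
    for entry in "$@"; do
        case $entry in
            # empty field, or more than four comma-separated fields
            ,*|*,,*|*,|*,*,*,*,*)
                echo "bad entry (want ip,port,protocol,keyfile): $entry" >&2; exit 1 ;;
            *,*,*,*) ;;   # exactly four fields
            *)  echo "bad entry (want ip,port,protocol,keyfile): $entry" >&2; exit 1 ;;
        esac
        # ';' separates entries, so it cannot appear inside one.
        case $entry in
            *';'*) echo "';' inside an entry would split the list: $entry" >&2; exit 1 ;;
        esac
        key=${entry##*,}
        [ -r "$key" ] || { echo "key file not readable: $key" >&2; exit 1; }
        # Characters 5-10 of the ls mode string are the group/other bits.
        mode=$(ls -ld "$key" | cut -c5-10)
        [ "$mode" = "------" ] ||
            echo "warning: private key $key is accessible to group/other" >&2
        joined="${joined:+$joined;}$entry"
    done
    [ -n "$joined" ] || { echo "no entries given" >&2; exit 1; }
    # KEYS_PREF (assumed knob) overrides the preference name used on this page.
    printf '%s:%s\n' "${KEYS_PREF:-ssl.keys_list}" "$joined"
)

# Usage (capture.pcap is a placeholder). The double quotes keep the ';'
# from being read by the shell as a command separator:
#   tshark -r capture.pcap -o "$(build_keys_list \
#       192.168.10.1,1200,tpkt,server-key1.pem \
#       192.168.10.2,1200,tpkt,server-key2.pem)"
```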