This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

With previous versions (1.4.x) of tshark I've used the ssl.key_list option, in the following way:

tshark.exe -r input.pcap -o ssl.keys_list:172.30.2.107,443,http,private.key  -R "http.request" -T fields -e frame.number -e "tcp.stream"

But this seems to no longer work, probably because with new versions of wireshark, ssl keys are specified in a file of their own and not under the preferences file. So how should I specify the ssl keys for tshark in 1.6? Must I edit the ssl config file? Is it a bug?

asked 27 Jun '11, 06:51

r0u1i's gravatar image

r0u1i
617712
accept rate: 0%

edited 27 Jun '11, 06:51


New version Wireshark(v1.6x) put the ssl.key_list to a file named ssl_keys which is in personal profile folder, copy the string and paste under the "-o ssl.keys_list:" option, the difference between the new version and old version is the "ssl.key_list" option format, new version should use UAT string, following is a command line which works for me.

tshark -r private_bob.pcap -o ssl.keys_list:"192.168.3.206","443","http","e:\education\ssl\wireshark_ssl\private-key.pem" -o ssl.debug_file:"e:\temp\ssl-debug.log" -V -R http

It seems only work with key file in PEM format without passphrase, I can't use a p12 format cert file with private key even I provide the passphrase for the private key like in Wireshark.

permanent link

answered 25 Aug '11, 18:36

Raymond%20Wang's gravatar image

Raymond Wang
411
accept rate: 100%

edited 09 Feb '12, 05:06

grahamb's gravatar image

grahamb ♦
19.8k330206

Check the option string in ssl_keys file, I find all the backslash in the key file path are lost in my answer.

(25 Aug '11, 18:41) Raymond Wang

thanks, and sorry for the late response. Works in 1.6.2, but seems that it doesn't work anymore in 1.6.5 ... investigating further

(09 Feb '12, 04:07) r0u1i

To display the "\" character in your answer, you need to "escape" it with another backslash. You also need to prefix an underscore with a backslash. I've fixed the backslashes and underscores in your answer.

(09 Feb '12, 05:02) grahamb ♦

the private-key.pem is on web-server? i want use to call the remote server.... fiddler dont need any key file,but that only support windows.

(07 Sep '15, 00:30) zhylninc
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×832
×319

question asked: 27 Jun '11, 06:51

question was seen: 20,072 times

last updated: 07 Sep '15, 02:47

p​o​w​e​r​e​d by O​S​Q​A