This is a static archive of our old Q&A Site. Please post any new questions and answers at

decrypt ssl to pcap


Hi, I'm trying to decrypt an ssl conversation using the ssl key.

This is working in the wireshark gui.
When I try to decrypt in tshark, this is also working, but I wan to decrypt it and save the result as a pcap file. This doesn't work.
When I use : tshark -o "ssl.desegment_ssl_records: TRUE" -o "ssl.desegment_ssl_application_data: TRUE" -o "ssl.keys_list:,443,http,/trace/test/test.pem" -t ad -r 443_test.pcap -w decrypted.pcap
the result is the same as the input-file.

Is there a way I can decrypt via cli to a pcap file?
I want to use the resulting pcap-file as input for tcpick, so I can save complete TCP sessions.

asked 27 Sep '11, 02:34

fcozijnsen's gravatar image

accept rate: 0%

One Answer:


The short answer: Wireshark/tshark aren't capable of saving decrypted packets to a pcap file.

See message thread starting at for some (possibly) relevant information.

See especially:

A Google search may find further info.

answered 27 Sep '11, 06:22

Bill%20Meier's gravatar image

Bill Meier ♦♦
accept rate: 17%

edited 27 Sep '11, 06:38

Is there an other way to create seperate files for each communication session? I'm now using tcpick to seperate the tcp streams from each other (and save each stream in a file) but this doesn't support ssl. I rather use wireshark, but is this even possible?

(27 Sep '11, 06:28) fcozijnsen