Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 8280] New: Add support in TShark to follow SSL streams

Wireshark-bugs: [Wireshark-bugs] [Bug 8280] New: Add support in TShark to follow SSL streams

Date: Wed, 30 Jan 2013 16:16:09 +0000

Bug ID	8280
Summary	Add support in TShark to follow SSL streams
Classification	Unclassified
Product	Wireshark
Version	1.8.5
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Enhancement
Priority	Low
Component	TShark
Assignee	bugzilla-admin@wireshark.org
Reporter	msaal@qacafe.com

Created attachment 9909 [details]
Patch to add SSL follow stream capability.

Build Information:
TShark 1.8.5 (SVN Rev 47355 from /releases/wireshark-1.8.5)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, without
Python, with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP.

Running on Linux 3.2.0-36-generic, with locale en_US.UTF-8, with libpcap
version
1.1.1, with libz 1.2.3.4.

Built using gcc 4.6.3.
--
Add support to follow SSL streams like wireshark does. SSL streams are selected
with their TCP stream index.

This is a follow on to bug 6684.

The -z switch has been extended with 'follow,ssl' to follow SSL streams.

Usage:
  tshark -q -r <cap-file> [-o "ssl.keys_list:
<ip-addr>,<port>,<protocol>,<private-key>"] -z
follow,ssl,<mode>,<filter>[,<range>]

<mode> - output format
  ascii   # ascii data with dots
  hex     # hex and ascii data with offsets
  raw     # hex data

<filter>
  <tcp-stream-index>

<range> - display specified "chunks" of stream (optional
  <min>-<max> # display stream chunks number 'min' through 'max'
  <num>       # dsiplay stream chunk number num'

Examples:
  tshark -r <cap-file> -q -o "ssl.keys_list:
<ip-addr>,<port>,<protocol>,<private-key>" -z follow,ssl,raw,1,2-4
  tshark -r <cap-file> -q -o "ssl.keys_list:
<ip-addr>,<port>,<protocol>,<private-key>" -z follow,ssl,ascii,1,5
  tshark -r <cap-file> -q -o "ssl.keys_list:
<ip-addr>,<port>,<protocol>,<private-key>" -z follow,ssl,hex

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 8280] Add support in TShark to follow SSL streams
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8280] Add support in TShark to follow SSL streams
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 8280] Add support in TShark to follow SSL streams
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 7493] Dissector for the Parrot AR Drone
Next by Date: [Wireshark-bugs] [Bug 8280] Add support in TShark to follow SSL streams
Previous by thread: [Wireshark-bugs] [Bug 7493] Dissector for the Parrot AR Drone
Next by thread: [Wireshark-bugs] [Bug 8280] Add support in TShark to follow SSL streams
Index(es):
- Date
- Thread