Wireshark-users: Re: [Wireshark-users] The SSL tcp stream decoding in Users' Manual?
On 150926-17:39+0200, miro.rovis@xxxxxxxxxxxxxxxxx wrote:
> On 150923-14:08-0400, Jeff Morriss wrote:
...
> >
> > https://wiki.wireshark.org/SSL
...
I've spent a lot of time figuring out and successfully decoding all from
the traffic captures I made two days ago while visiting a page on
SourceForge, as you can see the summary of browsing of the same page
(with Dillo earlier, and with Wireshark, two days ago) on:
TLS (SSL) tcp stream decoding in your traffic dumps?
https://forums.gentoo.org/viewtopic-t-1029408.html#7821360
(a post in the already linked topic on Gentoo Forums)
and as I explain in the previous post on that topic of Gentoo Forums.
You can see in the post with summaries, that I used this command:
# tshark -r dump_150927_1848_g0n.pcap -q -z conv,ip
to get that summary in question.
I was wondering if there was a way, with tshark, to get also the name
resolved, and add one more column with resolved names corresponding to
the IP4 in the now first column?
Is that possible, without (and I plan to do that, only no time soon),
writing a Lua script for the purpose?
Also, since I ask, I was wondering if it is possible to post traffic
captures, along with the screencasts that correspond to the capture on
https://ask.wireshark.org/
with some non-Javascript browser like Dillo or Lynx?
What I mean is, I use my (primitive, just bash scripts) program:
http://github.com/miroR/uncenz
(and if any of the big boys reading this wants to use the idea, you are
welcome, and surely I will relicense it with the general-style BSD
license so that it becomes GNU-compatible)
The screencasts should really go along with the captures, as they act
like a really quick reference and also often can be used to easily explain
to newbies, let alone to the complete lay visitors, what happened in a
particular captured traffic.
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr