Revision history [back]
Actually, even though my data is not http (actually ASN.1 BER), I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r example_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"
Actually, even though know my data is not http (actually ASN.1 BER), http, I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r example_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"
Actually, even know my data is not http, I can still apply the http dissector and get the data via tls.segment.data, and even apply display filters to it:
tshark -r example_ssl.pcap etsi232_ssl.pcap -o "tls.debug_file:ssldebug.log" -o "tls.desegment_ssl_records:TRUE" -o "tls.desegment_ssl_application_data:TRUE" -o "tls.keylog_file:sslkeylog.txt" -d "tls.port==0-65535,http" -T fields -e "tls.segment.data"