Wireshark-users: Re: [Wireshark-users] The SSL tcp stream decoding in Users' Manual?
From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 23 Sep 2015 14:08:34 -0400
On 09/23/15 12:33, miro.rovis@xxxxxxxxxxxxxxxxx wrote:
On 150923-13:17+0200, miro.rovis@xxxxxxxxxxxxxxxxx wrote:
In simple search, currently, if you open:

https://www.wireshark.org/docs/wsug_html/

and search the text for 'XXX', then (again: currently) the first
instance you encounter is:

Follow SSL Stream | Same functionality as “Follow TCP Stream” but for
SSL streams. XXX - how to provide the SSL keys?

Will there be that, in those docs, or is it in some other docs, and where in
the world of the [F]ree [O]pen [S]ource [S]oftware, to which the
Wireshark program belongs...

Will there be that arcane knowledge, or, kind readers from anywhere who
are reading this, if it is somewhere else, pls. tell us!

It's the piece of mosaic that, missing as it is, huge pictures in my
dumps just cannot be put together, as in so many other users' dumps...

Regards!
--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

I'm asking about this issue on Gentoo Forums too.

TLS (SSL) tcp stream decoding in your traffic dumps?
https://forums.gentoo.org/viewtopic-t-1029408.html

So you just want to decrypt the SSL [so you can eventually follow the decrypted stream], right? The wiki's got good documentation on how to do that:

https://wiki.wireshark.org/SSL