April 2013
Intermediate to advanced
68 pages
1h 32m
English
In this recipe we will see how to force Tshark to use the correct dissector when a protocol runs on an uncommon port. We will also see how to decode SSL traffic through a real example.
bmerino@Mordor:/$ tshark -r ssh.pcap -R "frame.number==9" -V | grep "LeCroy VICP" -A 5
LeCroy VICP
    Operation: 0x35
    Protocol version: 54
    Sequence number: 44
    Unused: 0x61
    Data length: 1919116911
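A sanity check on the output above, added here as an example and not taken from the book: it packs the printed fields back into the 8 header bytes and tests whether they look like a binary header or like text. It assumes the VICP header is four 1-byte fields followed by a 4-byte big-endian length, in the order tshark prints them; the function names and the 16 MiB threshold are hypothetical choices for illustration.

```python
import struct

# Field values copied from the tshark output above (frame 9 of ssh.pcap).
VICP_FIELDS = {
    "operation": 0x35,
    "protocol_version": 54,
    "sequence_number": 44,
    "unused": 0x61,
    "data_length": 1919116911,
}

# Assumption for illustration: a message announcing more than 16 MiB is suspicious.
MAX_PLAUSIBLE_LENGTH = 16 * 1024 * 1024


def vicp_header_bytes(fields):
    """Rebuild the 8 bytes the dissector consumed as a VICP header.

    Assumed layout: four 1-byte fields, then a 4-byte big-endian length.
    """
    return struct.pack(
        ">BBBBI",
        fields["operation"],
        fields["protocol_version"],
        fields["sequence_number"],
        fields["unused"],
        fields["data_length"],
    )


def misdissection_hints(fields):
    """Return reasons to doubt that these bytes are a real VICP header."""
    raw = vicp_header_bytes(fields)
    hints = []
    # A binary header made up only of printable characters is probably text.
    if all(0x20 <= b <= 0x7E for b in raw):
        hints.append("header is printable ASCII: %r" % raw.decode("ascii"))
    # A length far beyond the threshold suggests text bytes read as an integer.
    if fields["data_length"] > MAX_PLAUSIBLE_LENGTH:
        hints.append("data length %d exceeds %d bytes"
                     % (fields["data_length"], MAX_PLAUSIBLE_LENGTH))
    return hints


if __name__ == "__main__":
    for hint in misdissection_hints(VICP_FIELDS):
        print(hint)
```

The eight bytes spell `56,arcfo`, a fragment of ASCII text (arcfour is an SSH cipher name), which is what you would expect when the frame carries SSH that the port-based lookup handed to the VICP dissector.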