Closed
Description
Describe the feature
If I understand correctly, ecapture can only capture (and decrypt) network traffic for one port (default 443).
Could it capture all network traffic (TCP and UDP) and decrypt TLS traffic from all ports in pcapng mode? Thanks!
The reason why I don't use tools like tcpdump is that tcpdump cannot capture traffic only for a specific PID, while ecapture can.
Expected behavior
sudo ./ecapture tls -i eth0 -w test.pcapng -p <pid>
Capture all network traffic for <pid> on eth0 (with TLS decrypted) regardless of port.