wireshark

Go to: "Statistics" -> "Conversations" -> "List"

Export PDUs (high-level data)

Giving a user passwordless sudo access to Wireshark (sudoers entry)

<user_name> ALL = NOPASSWD: /usr/sbin/wireshark

Setting network privileges for dumpcap

sudo setcap cap_net_raw,cap_net_admin+eip /usr/sbin/dumpcap

tshark

Tip: Extract the WPA handshake from a large pcap file.

# -R is the two-pass read filter; current tshark rejects it without -2.
tshark -r <inputfile> -2 -R "eapol || wlan_mgt.tag.interpretation eq \
<ESSID> || (wlan.fc.type_subtype==0x08 && wlan_mgt.ssid eq <ESSID>)" \
    -w <outputfile>

Tip: Extract SSL certificates from a large pcap file.

tshark -nr ssl.pcapng -2 -R "ssl.handshake.certificate" -V > out.txt
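
The -V dump above is meant for reading; for a certificate inventory it is easier to have tshark print only the certificate bytes and turn them into PEM files. The following is an added example, not part of the original notes. It assumes tshark's `-T fields` output gives one frame per line with multiple certificates comma-separated, and that some versions print the bytes colon-separated; the function names are made up for this example.

```python
import base64
import hashlib
import subprocess
import sys


def parse_cert_fields(tshark_output):
    """Turn `tshark -T fields -e <cert field>` text into unique DER blobs.

    Each line is one frame; several certificates in one frame are
    comma-separated, and some tshark versions print bytes as aa:bb:cc.
    Returns a list of (sha256_hex, der_bytes) in first-seen order.
    """
    seen, certs = set(), []
    for line in tshark_output.splitlines():
        for item in line.strip().split(","):
            hexstr = item.replace(":", "").strip()
            if not hexstr:
                continue
            try:
                der = bytes.fromhex(hexstr)
            except ValueError:
                continue  # not hex: skip it instead of aborting the run
            digest = hashlib.sha256(der).hexdigest()
            if digest not in seen:  # the same chain repeats in every handshake
                seen.add(digest)
                certs.append((digest, der))
    return certs


def der_to_pem(der):
    """Wrap DER bytes in a PEM certificate envelope (64-column base64)."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def extract_certs(pcap, field="ssl.handshake.certificate"):
    # Field name as used in these notes; Wireshark 3.0 and later name it
    # tls.handshake.certificate. -Y is the single-pass display filter.
    out = subprocess.run(
        ["tshark", "-nr", pcap, "-Y", field, "-T", "fields", "-e", field],
        check=True, capture_output=True, text=True).stdout
    return parse_cert_fields(out)


if __name__ == "__main__":
    for digest, der in extract_certs(sys.argv[1]):
        with open(f"{digest[:16]}.pem", "w") as fh:
            fh.write(der_to_pem(der))
        print(digest, len(der), "bytes")
```

Each resulting file can be inspected with `openssl x509 -in <file>.pem -noout -text`.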