I am analysing a capture of encrypted traffic with wireshark. I have decrypted the traffic with the proper passphrase in wireshark and I can see the decrypted data of each frame.
The point is that if I search a packet with a certain string I cannot find it. Even though I have the certainty the string is decrypted given that I can see such data in the decrypted data of a frame.
I have already tried to search in packet bytes/list/details with string option and I also have searched by hexvalue without success.
A workaround that came into my mind that consists of using tshark to decrypt the traffic and make an hexdump to a text file. After that, use grep to find the string. However, this is not a nice approach.
How would you find a string with wireshark on a decrypted traffic capture?