TShark does a good job of picking out SSL/TLS connections, but sometimes misses things where non-standard ports have been used.
For example, looking at a PCAP where a tor client has been started, there's a guard using port 9035 as it's ORPort so we get no information from that at all.
If running tshark manually, we'd pass in
To force use of the SSL dissector for that port, so it'd be good to have some means in the configuration to specify particular ports (as well as the defaults) that we want treated as SSL/TLS.
It'd allow a user to iterate over a PCAP, looking at the dest ip/ports list to identify unexpected port numbers and then re-run treating those as SSL.