![]() Tshark -r LANInterfaceServer104.pcapng -Y -w TracewithTLS_versions.pcapng Tshark -r LANInterfaceServer104.pcapng -Y Ģ6953 - TLSv1.2 437 Certificate, Server Key Exchange, Server Hello Doneģ8554 - TLSv1.3 1414 Server Hello, Change Cipher Specīut then saving to a file, it has something different, I only find one TLS version, not all the packets are saved, and only those are in the new trace file created. ![]() That when displaying on the screen I see the packet flows with different TLS versions I think I have done it, using -r and -Y, but it's strange to me I have used "" for each trace on the graphical interface, but as number of traces files increases,(~162 files, ~28 Gb of traces), I would like to use tshark to read the capture files and to be able to display those packets which contain TLS handshake, indepently of the protocol, or port. The clients are connecting to the server using diferent protocols and ports, 443, 4343, 3389, 22 (HTTPS, RDP, SSH, FTPS mainly) and I try to indentify which versions of TLS are those clients using and which level of encryption. I have a long-term capture taken on a server which at the moment is set-up to accept several versions of TLS, 1.1, 1,2 and older ones from outdated clients.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |