I'm an email admin at my place of employment. I want to see what clients are using TLS to send email to my SMTP server. I want this to run for about a week straight, so I want to only capture the initial handshake and I don't care about decrypting it. I'm really just interested in getting the remote server's name and IP.
Of course, the display filters are a different language than the capture filters, so I can't just copy and paste. I have no idea why ;-)
I use tls.record.version == "TLS 1.0" or tls.record.version == "TLS 1.1" or tls.record.version == "TLS 1.2" for my display filter.
I am a noob at being a Wireshark noob, so please be gentle. ;-)
Thanks in advance.