As @grahamb mentioned, Wireshark does not have a filter that is session aware for TLS. But luckily Wireshark does have a Lua scripting engine on board. I wrote a Lua script that will work as you described. Use the filter TLSextend.state==1 to see all packets from the TCP streams that contain a ClientHello, but not a ServerHello.
See: https://github.com/syn-bit/TLSextend
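
Added example, not code from the TLSextend repository or its author: a Lua post-dissector that shows how per-stream handshake tracking of the kind described above can be done with Wireshark's Lua API. The protocol name `tlsdemo`, the field `tlsdemo.state` and the value 2 are assumptions made for this example, and it assumes Wireshark 3.0 or later, where the handshake field is named `tls.handshake.type`.

```lua
-- Added example; not the TLSextend source. "tlsdemo" and its field are hypothetical names.
local tlsdemo = Proto("tlsdemo", "TLS handshake progress per TCP stream")
local f_state = ProtoField.uint8("tlsdemo.state", "Handshake state", base.DEC, {
    [1] = "ClientHello seen, no ServerHello",
    [2] = "ClientHello and ServerHello seen",   -- value chosen for this example
})
tlsdemo.fields = { f_state }

-- Field extractors must be created at load time, outside the dissector.
local get_stream  = Field.new("tcp.stream")
local get_hs_type = Field.new("tls.handshake.type")  -- "ssl.handshake.type" before 3.0

-- tcp.stream index -> true once that handshake message has been seen in the stream
local client_hello, server_hello = {}, {}

-- Called when a capture is (re)loaded: forget state from the previous file.
function tlsdemo.init()
    client_hello, server_hello = {}, {}
end

function tlsdemo.dissector(tvb, pinfo, tree)
    local stream = get_stream()
    if not stream then return end            -- not a TCP packet
    local id = stream.value

    -- First pass only: record handshake types (1 = ClientHello, 2 = ServerHello).
    -- One packet can carry several handshake messages, so walk all of them.
    if not pinfo.visited then
        for _, hs in ipairs({ get_hs_type() }) do
            if hs.value == 1 then client_hello[id] = true end
            if hs.value == 2 then server_hello[id] = true end
        end
    end

    -- Tag every packet of a stream that contained a ClientHello.
    if client_hello[id] then
        local state = server_hello[id] and 2 or 1
        tree:add(tlsdemo):add(f_state, state):set_generated()
    end
end

register_postdissector(tlsdemo)
```

The state of a stream is only final once the whole capture has been read, so the filter `tlsdemo.state==1` is reliable in the GUI after loading completes; with tshark, add `-2` so the filter is evaluated on a second pass.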