Filter only TLSv1.2 packets
I want to display only TLSv1.2 client and server hellos messages in my wireshark capture, what is the filter that I can use?
I want to display only TLSv1.2 client and server hellos messages in my wireshark capture, what is the filter that I can use?
The full TLS handshake: tls.record.content_type == 22
Client Hello:tls.handshake.type == 1
Server Hello: tls.handshake.type == 2
Client or Server Hello: tls.handshake.type == 2 or tls.handshake.type == 1
Are tshark and grep an option?
https://ask.wireshark.org/question/98...
There is a discussion in this bug about support for filtering on the Protocol column:
https://bugs.wireshark.org/bugzilla/s...
https://code.wireshark.org/review/git...
The dissector keeps track of the session version but I don't see where it's exposed to filter on.
ssl_session->session.version == TLSV1DOT2_VERSION
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2020-03-10 13:30:02 +0000
Seen: 13,524 times
Last updated: Mar 10 '20