Filter only TLSv1.2 packets

asked 2020-03-10 13:30:02 +0000

alajeb

I want to display only TLSv1.2 client and server hello messages in my Wireshark capture. What is the filter that I can use?


1 Answer

answered 2020-03-10 13:40:16 +0000

Chuckc

The full TLS handshake: tls.record.content_type == 22

Client Hello: tls.handshake.type == 1

Server Hello: tls.handshake.type == 2

Client or Server Hello: tls.handshake.type == 2 or tls.handshake.type == 1


Comments

I want only TLSv1.2 messages

alajeb ( 2020-03-10 13:43:28 +0000 )

Only Client Hello messages that match a server responding with TLSv1.2, or all Client Hello messages?

Chuckc ( 2020-03-10 14:11:25 +0000 )

Are tshark and grep an option?
https://ask.wireshark.org/question/98...

There is a discussion in this bug about support for filtering on the Protocol column:
https://bugs.wireshark.org/bugzilla/s...

https://code.wireshark.org/review/git...
The dissector keeps track of the session version but I don't see where it's exposed to filter on.

ssl_session->session.version == TLSV1DOT2_VERSION
Chuckc ( 2020-03-10 14:16:36 +0000 )
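
An added example, not part of the answer or comments above and not Wireshark code: the filters in the answer match hellos of every TLS version, and the version field inside a hello does not single out TLS 1.2, because TLS 1.3 hellos also carry 0x0303 there and put the real version in the supported_versions extension (RFC 8446). This Python parser reads one raw TLS record and reports the highest version a client offers or the version a server selected; the names hello_version, is_tls12_hello and build_hello are hypothetical, and the sample records are constructed.

```python
import struct

TLS12, TLS13 = 0x0303, 0x0304
EXT_SUPPORTED_VERSIONS = 43          # extension number from RFC 8446

def hello_version(record: bytes):
    """Return (handshake_type, version) for a Client/Server Hello record, else None."""
    try:
        if record[0] != 22 or record[5] not in (1, 2):   # content_type 22, type 1 or 2
            return None
        hs_type, body = record[5], record[9:]            # skip record + handshake headers
        version = struct.unpack_from("!H", body, 0)[0]   # legacy version field
        pos = 2 + 32                                     # skip version + random
        pos += 1 + body[pos]                             # session id
        if hs_type == 1:
            pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher suite list
            pos += 1 + body[pos]                         # compression methods
        else:
            pos += 3                                     # chosen suite + compression
        if pos + 2 > len(body):
            return hs_type, version                      # hello without extensions
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data, pos = body[pos + 4:pos + 4 + ext_len], pos + 4 + ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS and hs_type == 2:
                version = struct.unpack_from("!H", data, 0)[0]   # server's selected version
            elif ext_type == EXT_SUPPORTED_VERSIONS:
                # client list: 1-byte length, then 2-byte versions; drop GREASE values
                real = [v for (v,) in struct.iter_unpack("!H", data[1:1 + data[0]])
                        if (v & 0x0F0F) != 0x0A0A]
                version = max(real, default=version)
        return hs_type, version
    except (IndexError, struct.error):
        return None                                      # truncated or malformed record

def is_tls12_hello(record: bytes) -> bool:
    return (hello_version(record) or (0, 0))[1] == TLS12

def build_hello(hs_type, legacy, versions=()):
    """Constructed sample record for this example, not captured traffic."""
    body = struct.pack("!H", legacy) + bytes(32) + b"\x00"   # version, random, empty session id
    body += b"\x00\x02\xc0\x2f\x01\x00" if hs_type == 1 else b"\xc0\x2f\x00"   # filler suites
    if versions:
        raw = b"".join(struct.pack("!H", v) for v in versions)
        data = bytes([len(raw)]) + raw if hs_type == 1 else raw
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
        body += struct.pack("!H", len(ext)) + ext
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```

A Client Hello that offers both TLS 1.3 and TLS 1.2 is reported as 0x0304 here, so whether it belongs to a TLS 1.2 session still depends on the Server Hello that answers it.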

Stats

Asked: 2020-03-10 13:30:02 +0000

Seen: 11,949 times

Last updated: Mar 10 '20