TLS Handshake Ciphersuite: how to extract `showname` string using tshark?
I am trying to extract sensible information from the TLS header of a packet. Right now, I am using tshark and obtaining integer values, which for the example data below, would be 10. Is there a mapping between integers and cipher suites? for example:
int cipher_suite
10 TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
... ...
k XYZ
Data:
<field name="tls.handshake.ciphersuite" showname="Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)" size="2" pos="164" show="10" value="000a"/>
How are you using tshark, please show the version and your command line arguments?