Ask Your Question
0

TLS Handshake Ciphersuite: how to extract `showname` string using tshark?

asked 2020-04-02 17:22:45 +0000

alohawireshark gravatar image

I am trying to extract sensible information from the TLS header of a packet. Right now, I am using tshark and obtaining integer values, which for the example data below, would be 10. Is there a mapping between integers and cipher suites? for example:

int        cipher_suite
10         TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
...        ...
k          XYZ

Data:

 <field name="tls.handshake.ciphersuite" showname="Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)" size="2" pos="164" show="10" value="000a"/>
edit retag flag offensive close merge delete

Comments

How are you using tshark, please show the version and your command line arguments?

grahamb gravatar imagegrahamb ( 2020-04-03 14:30:39 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-04-03 18:40:50 +0000

cmaynard gravatar image

Is there a mapping between integers and cipher suites?

The answer to this question is "Yes". See https://www.iana.org/assignments/tls-...

You can also have a look at the value_string arrays and tables in the packet-tls-utils.c file to see how Wireshark and tshark perform these lookups.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2020-04-02 17:22:45 +0000

Seen: 733 times

Last updated: Apr 03 '20