How to automate following TLS streams?

asked 2020-04-08 13:48:57 +0000

alajeb
9 ●3 ●6 ●9

I have a huge pcap file and I want to follow each TLS stream in this file. Is there any way to do this by using a script?

Comments

Not sure what your desired end result is. Do you want each TLS stream in a separate capture file?

grahamb ( 2020-04-08 14:13:57 +0000 )edit

yes exactly

alajeb ( 2020-04-08 14:20:48 +0000 )edit

add a comment

answered 2020-04-08 14:36:47 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●973 ●227 https://www.wireshark.org

This kind of thing generally needs multiple passes over the capture using tshark. First run a pass with a display filter to limit the output to the desired TLS traffic and add a T Fields -e tcp.stream argument to get a list of all tcp streams. Then use this list of streams to filter the original capture a single stream at a time and write the stream to a new file.

edit flag offensive delete link

Comments

Similar question using a script to extract multiple streams.

Chuckc ( 2020-04-08 15:29:08 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

How to automate following TLS streams?

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to automate following TLS streams? edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

How to automate following TLS streams?