How to automate following TLS streams?
I have a huge pcap file and I want to follow each TLS stream in this file. Is there any way to do this by using a script?
I have a huge pcap file and I want to follow each TLS stream in this file. Is there any way to do this by using a script?
This kind of thing generally needs multiple passes over the capture using tshark. First run a pass with a display filter to limit the output to the desired TLS traffic and add a T Fields -e tcp.stream
argument to get a list of all tcp streams. Then use this list of streams to filter the original capture a single stream at a time and write the stream to a new file.
Please start posting anonymously - your entry will be published after you log in or create a new account.
Asked: 2020-04-08 13:48:57 +0000
Seen: 286 times
Last updated: Apr 08 '20
Not sure what your desired end result is. Do you want each TLS stream in a separate capture file?
yes exactly