How to automate following TLS streams?

asked 2020-04-08 13:48:57 +0000

alajeb

I have a huge pcap file and I want to follow each TLS stream in this file. Is there any way to do this by using a script?


Not sure what your desired end result is. Do you want each TLS stream in a separate capture file?

grahamb (2020-04-08 14:13:57 +0000)

Yes, exactly.

alajeb (2020-04-08 14:20:48 +0000)

1 Answer

answered 2020-04-08 14:36:47 +0000

grahamb

This kind of thing generally needs multiple passes over the capture using tshark. First run a pass with a display filter to limit the output to the desired TLS traffic and add a -T fields -e argument to get a list of all TCP streams. Then use this list of streams to filter the original capture a single stream at a time and write the stream to a new file.


Similar question using a script to extract multiple streams.

Chuckc (2020-04-08 15:29:08 +0000)
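
The two-pass approach described in the answer above, written out as a shell script. This is an added example, not code from the original thread; the function names, the output file naming, and the `tls` display filter name (it is `ssl` in Wireshark releases before 3.0) are assumptions.

```shell
#!/bin/sh
# Added example: split a capture into one pcap per TCP stream that carries TLS.
# Usage: ./split-tls-streams.sh capture.pcap outdir

# Reduce pass-1 output to a sorted, de-duplicated list of stream indexes.
# tshark joins multiple occurrences of a field in one packet with commas
# (for example with tunnelled traffic), so split those before filtering.
unique_streams() {
    tr ',' '\n' | grep -E '^[0-9]+$' | sort -n -u
}

# Build the output path for one stream (naming scheme is an assumption).
stream_outfile() {
    printf '%s/tls-stream-%05d.pcap\n' "$1" "$2"
}

split_tls_streams() {
    capture=$1
    outdir=$2
    mkdir -p "$outdir" || return 1

    # Pass 1: print the tcp.stream index of every packet that matches "tls".
    tshark -r "$capture" -Y tls -T fields -e tcp.stream |
        unique_streams |
        while read -r id; do
            # Pass 2: one read of the capture per stream. Filtering on
            # tcp.stream (not on tls) keeps the TCP handshake and ACKs
            # that belong to the same connection.
            tshark -r "$capture" -Y "tcp.stream == $id" \
                -w "$(stream_outfile "$outdir" "$id")"
        done
}

# Run only when called with a capture file and an output directory.
if [ "$#" -eq 2 ]; then
    split_tls_streams "$1" "$2"
fi
```

Each stream costs one full read of the capture, so on a very large file the second pass dominates the run time.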


Last updated: Apr 08 '20