comment suivre tls stream

answered 2020-11-13 04:21:36 +0000

Chuckc
2808 ●5 ●566 ●19

updated 2020-11-13 04:25:18 +0000

Do you have the key information needed to view the TLS data?

Wireshark$ tshark -r ./rsasnakeoil2.pcap -z follow,tls,hex,0 -q | head -10

===================================================================
Follow: tls,hex
Filter: tcp.stream eq 0
Node 0: 127.0.0.1:38713
Node 1: :0
00000000  47 45 54 20 2f 20 48 54  54 50 2f 31 2e 31 0d 0a  GET / HT TP/1.1..
00000010  48 6f 73 74 3a 20 6c 6f  63 61 6c 68 6f 73 74 0d  Host: lo calhost.
00000020  0a 55 73 65 72 2d 41 67  65 6e 74 3a 20 4d 6f 7a  .User-Ag ent: Moz
00000030  69 6c 6c 61 2f 35 2e 30  20 28 58 31 31 3b 20 55  illa/5.0  (X11; U
Wireshark$
Wireshark$ tshark -G currentprefs | grep -i snakeoil
tls.keylog_file: C:\Users\admin\Documents\Wireshark\wireshark-3.2.6\wireshark\test\keys\rsasnakeoil2.key
Wireshark$

Test files available in the Gitlab repository test data

edit flag offensive delete link

Comments

je besoin de faire avec terminal cette action la ======>>>https://i.stack.imgur.com/XTYa4.png je filtrer mon pcap wireshark ensuite click droit d'un paquet et suivre tls stream ....comment faire ca dans script bash

djo-hamdo ( 2020-11-13 12:32:22 +0000 )edit

Google translate: I need to do this action with terminal

I filter my wireshark pcap then right click on a packet and follow tls stream. ... how to do this in bash script

grahamb ( 2020-11-13 12:37:48 +0000 )edit

There are examples on the man page:

Example: -z "follow,tcp,hex,1" will display the contents of the second TCP stream (the first is stream 0) in "hex" format.

Chuckc ( 2020-11-13 14:04:14 +0000 )edit

Que signifie le 428 dans (tcp.stream eq 428) comment détecter et préciser ce nombre dans wireshark ????

djo-hamdo ( 2020-11-13 14:12:58 +0000 )edit

"What does 428 mean in (tcp.stream eq 428) how to detect and specify this number in wireshark ????"

tcp.stream is a Wireshark generated field (has square brackets [ ] around it) found in the packet details under TCP (Transmission Control Protocol)

[Stream index: 0]

Chuckc ( 2020-11-13 14:32:34 +0000 )edit

haw get this number from wireshark (428)

djo-hamdo ( 2020-11-13 14:42:46 +0000 )edit

Are you working from an example or class exercise that you can share?

Chuckc ( 2020-11-13 14:44:12 +0000 )edit

j'ai un pcap file filtrer avec ssl.handshake.type.extension-server_name=="bla bla" ..ce filter en output 1 client hello ensuite je faire suivre tls stream ===> tous ce la dans interface graphique wireshark ...mon but de faire tous cela avec terminal ===> script bash

djo-hamdo ( 2020-11-13 14:51:06 +0000 )edit

"I have a pcap file to filter with ssl.handshake.type.extension-server_name == "bla bla" .. this filter in output 1 client hello then I forward tls stream ===> all this in wireshark GUI. ..my goal to do all of this with terminal ===> bash script"

$ tshark -r ./ultpcap2.pcapng -T fields -e tcp.stream -e tls.handshake.extensions_server_name -Y tls.handshake.extensions_server_name
88      ip.webernetz.net
90      dovecot.weberlab.de
110     ip.webernetz.net
113     random.weberlab.de
114     random.weberlab.de
$

$ tshark -r ./ultpcap2.pcapng -T fields -e tcp.stream -Y "tls.handshake.extensions_server_name==ip.webernetz.net"
88
110
$

Chuckc ( 2020-11-13 15:03:29 +0000 )edit

Quesque ca vi dire 88 110 ???? est ceque le nombre de flux tcp ou udp ....exemple tcp.stream eq 88 ou 110???

djo-hamdo ( 2020-11-13 15:22:21 +0000 )edit

see more comments

comment suivre tls stream

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

comment suivre tls stream edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

comment suivre tls stream