Cannot automate deprecated TLS filter capture
Hi,
I'm trying to capture all the deprecated TLS traffic (1.0, 1.1) with TShark from a script, and it didn't work as expected because when it filters the traffic it doesn't filter correctly.
The script is:
@echo off
rem Capture general traffic in a temp file
"path\tshark" -i 1 -w path\capture_traffic_general.pcapng -a duration:432000
rem Filter traffic with TLS versions 0x0300, 0x0301 and 0x0302 and save it in a new file
"path\tshark" -r path\capture_traffic_general.pcapng -Y "tls.record.version == 0x0300 or tls.record.version == 0x0301 or tls.record.version == 0x0302" -w path\capture_tls_versions.pcapng
rem Delete the temporary file to free up space
del path\capture_traffic_general.pcapng
When I see the final result in the export it only shows TLSv1.2 results.
"record" or "handshake" version?
Would this be better:
tls.handshake.version < 0x0303
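
Added example, not part of the original posts: a TLS 1.2 client commonly sends its ClientHello with record-layer version 0x0301 while the handshake version inside is 0x0303, so the two fields can disagree. The Python sketch below parses constructed hello records (function names and sample bytes are assumptions made for illustration) and evaluates both filter conditions on them.

```python
import struct

HANDSHAKE = 22                      # TLS record content type
CLIENT_HELLO, SERVER_HELLO = 1, 2   # handshake message types

def parse_hello(record: bytes):
    """Return (record_version, handshake_type, handshake_version) for a
    TLS record that starts with a ClientHello or ServerHello, else None."""
    if len(record) < 5:
        return None
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    # Handshake header: 1-byte type, 3-byte length, then the 2-byte version.
    if ctype != HANDSHAKE or len(body) < 6:
        return None
    hs_type = body[0]
    if hs_type not in (CLIENT_HELLO, SERVER_HELLO):
        return None
    (hs_ver,) = struct.unpack("!H", body[4:6])
    return rec_ver, hs_type, hs_ver

def matches_record_filter(record: bytes) -> bool:
    """The record-version condition from the script, on one hello record."""
    p = parse_hello(record)
    return p is not None and p[0] in (0x0300, 0x0301, 0x0302)

def matches_handshake_filter(record: bytes) -> bool:
    """The condition tls.handshake.version < 0x0303, on one hello record."""
    p = parse_hello(record)
    return p is not None and p[2] < 0x0303

def build_hello(rec_ver: int, hs_type: int, hs_ver: int) -> bytes:
    """Constructed sample: version + 32 zero random bytes, rest omitted."""
    msg = struct.pack("!H", hs_ver) + bytes(32)
    hs = bytes([hs_type]) + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", HANDSHAKE, rec_ver, len(hs)) + hs

# Constructed records, not taken from a real capture.
TLS12_CLIENT_HELLO = build_hello(0x0301, CLIENT_HELLO, 0x0303)
TLS10_SERVER_HELLO = build_hello(0x0301, SERVER_HELLO, 0x0301)

if __name__ == "__main__":
    for name, rec in [("TLS 1.2 ClientHello", TLS12_CLIENT_HELLO),
                      ("TLS 1.0 ServerHello", TLS10_SERVER_HELLO)]:
        print(name, matches_record_filter(rec), matches_handshake_filter(rec))
```

The constructed TLS 1.2 ClientHello satisfies the record-version condition but not the handshake-version one, while the TLS 1.0 ServerHello satisfies both.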