Revision history

Revision 1 (initial version)

How can I extract parameters from pcap

How can I extract parameters from a pcap file? I have TLS handshake messages in a pcap. I need to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean tools? programming? Here is the hello structure:

     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
     |  2 |    |    |    |    |    |  32byte  |    |max 32byte|    |    |    |Extensions|
     |0x02|    |    |    |  3 |  1 |  random  |    |session Id|    |    |    |          |
- ---+----+----+----+----+----+----+----------+----+----------+--------------+----------+
  /  |  \    \---------\    \----\               \       \       \----\    \
 /       \        \            \                  \   SessionId      \  Compression
record    \     length        SSL/TLS              \ (if length > 0)  \   method
length     \                  version           SessionId              \
            type: 2       (TLS 1.0 here)         length            CipherSuite

How can I extract parameters from pcap

How can I extract parameters from a pcap file? I have TLS handshake messages in a pcap. I need to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean tools? programming? Here is the hello structure:

     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
     |  1 |    |    |    |    |    |32-bit|    |max 32-bit| Cipher |Compression|Extensions|
     |0x01|    |    |    |  3 |  1 |random|    |session Id| Suites |  methods  |          |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
  /  |  \    \---------\    \----\             \       \
 /       \        \            \                \   SessionId
record    \     length        SSL/TLS            \
length     \                  version         SessionId
            type: 1       (TLS 1.0 here)       length

How can I extract parameters from pcap

How can I extract parameters from a pcap file? I have a pcap file for TLS handshake messages. I need to parse it to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean parameter values. Are there any tools? programming? libraries (preferably Java or Python) to do this?

     |
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
     |  1 |    |    |    |    |    |32-bit|    |max 32-bit| Cipher |Compression|Extensions|
     |0x01|    |    |    |  3 |  1 |random|    |session Id| Suites |  methods  |          |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
  /  |  \    \---------\    \----\             \       \
 /       \        \            \                \   SessionId
record    \     length        SSL/TLS            \
length     \                  version         SessionId
            type: 1       (TLS 1.0 here)       length
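
An added example, not part of the original question: a standard-library Python parser that walks a capture and pulls both version fields out of each ClientHello, following the record and handshake layout drawn above. It assumes a classic libpcap file (not pcapng), Ethernet and IPv4 framing, and a ClientHello that starts at the beginning of a TCP segment; the function names and the sample capture are constructed for this illustration.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def tcp_payloads(pcap: bytes):
    """Yield TCP payloads from a classic libpcap file (Ethernet + IPv4 only)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # keep only IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4      # Ethernet header + IPv4 IHL
        if len(frame) >= tcp + 20:
            yield frame[tcp + (frame[tcp + 12] >> 4) * 4:]

def client_hello_versions(pcap: bytes):
    """Return (record-layer version, ClientHello version) per ClientHello."""
    found = []
    for p in tcp_payloads(pcap):
        # record:    type 0x16 | version(2) | length(2)
        # handshake: type 0x01 | length(3) | client version(2) | random ...
        if len(p) >= 11 and p[0] == 0x16 and p[5] == 0x01:
            rec, hello = struct.unpack_from(">H", p, 1)[0], struct.unpack_from(">H", p, 9)[0]
            found.append((NAMES.get(rec, hex(rec)), NAMES.get(hello, hex(hello))))
    return found

def sample_pcap() -> bytes:
    """Constructed capture: one packet with a minimal ClientHello."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    rec = b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
    tcp = struct.pack(">HHIIBBHHH", 49152, 443, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(rec), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    frame = bytes(12) + b"\x08\x00" + ip + tcp + rec
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for rec, hello in client_hello_versions(sample_pcap()):
        print(f"record={rec}\tclient_hello={hello}")
```

The record-layer version and the ClientHello version are separate fields and often differ, so the parser reports both. A TLS 1.3 client still sends 0x0303 in the ClientHello version field and lists the versions it really offers in the supported_versions extension, which this parser does not read.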