# Revision history [back]

### How can I extract parameters from pcap

How can I extract paramteres from pcap file? I have TLS handshake messages in pcap. I need to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean tools? programming? Here is the hello structure:

     |
|
|  Handshake Layer
|
|
- ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
|  2 |    |    |    |    |    |  32byte  |    |max 32byte|    |    |    |Extensions|
|0x02|    |    |    |  3 |  1 |  random  |    |session Id|    |    |    |          |
- ---+----+----+----+----+----+----+----------+----+----------+--------------+----------+
/  |  \    \---------\    \----\               \       \       \----\    \
/       \        \            \                  \   SessionId      \  Compression
record    \     length        SSL/TLS              \ (if length > 0)  \   method
length     \                  version           SessionId              \
type: 2       (TLS 1.0 here)         length            CipherSuite


### How can I extract parameters from pcap

How can I extract paramteres from pcap file? I have TLS handshake messages in pcap. I need to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean tools? programming? Here is the hello structure:

|
|
|
|  Handshake Layer
|
|
- ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
|  2 |    |    |    |    |    |  32byte  | ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
|  1 |    |    |    |    |    |32-bit|    |max 32byte|    |    |    |Extensions|
|0x02| 32-bit| Cipher |Compression|Extensions|
|0x01|    |    |    |  3 |  1 |  random  | |random|    |session Id|    |    |   Suites |  methods  |          |
- ---+----+----+----+----+----+----+----------+----+----------+--------------+----------+
---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
/  |  \    \---------\    \----\               \       \       \----\ \       \
/       \        \            \                  \   SessionId      \  Compression
\   SessionId
record    \     length        SSL/TLS              \ (if \
length > 0)  \   method
length     \                  version           SessionId              \
SessionId
type: 2 1       (TLS 1.0 here)         length            CipherSuite
length


### How can I extract parameters from pcap

How can I extract paramteres from pcap file? I have a pcpa file for TLS handshake messages in pcap. messages. I need to pares it to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean parameters values. Are there any tools? programming? Here is the hello structure:libraries (preferably Java or python) to do this?

|
|
|
|  Handshake Layer
|
|
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
|  1 |    |    |    |    |    |32-bit|    |max 32-bit| Cipher |Compression|Extensions|
|0x01|    |    |    |  3 |  1 |random|    |session Id| Suites |  methods  |          |
- ---+----+----+----+----+----+----+------+----+----------+--------+-----------+----------+
/  |  \    \---------\    \----\             \       \
/       \        \            \                \   SessionId
record    \     length        SSL/TLS            \
length     \                  version         SessionId
type: 1       (TLS 1.0 here)       length