How can I extract parameters from a pcap file? I have TLS handshake messages in a pcap. I need to extract the version field in the client hello. How can I extract the fields of interest in a text file for processing? I mean tools? programming? Here is the hello structure:
     |
     |
     |  Handshake Layer
     |
     |
- ---+----+----+----+----+----+----+----------+----+----------+----+----+----+----------+
     | 2  |    |    |    |    |    |  32byte  |    |max 32byte|    |    |    |Extensions|
     |0x02|    |    |    |  3 |  1 |  random  |    |session Id|    |    |    |          |
- ---+----+----+----+----+----+----+----------+----+----------+--------------+----------+
  /  |  \    \---------\    \----\                \       \       \----\    \
 /       \        \            \                   \   SessionId      \  Compression
record    \     length        SSL/TLS               \ (if length > 0)  \  method
length     \                  version           SessionId               \
            type: 2       (TLS 1.0 here)         length            CipherSuite
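
One way to pull the version fields out programmatically, as an added example that is not part of the original post: a standard-library Python parser that follows the layout in the diagram (handshake type, 3-byte length, 2-byte version, 32-byte random, session ID length). It assumes a classic little-endian pcap with Ethernet/IPv4 frames and a hello that fits in one TCP segment; the function names and the sample capture are constructed for illustration.

```python
import struct

HS_NAMES = {1: "ClientHello", 2: "ServerHello"}

def tcp_payloads(pcap: bytes):
    """Yield TCP payloads from a classic little-endian pcap (Ethernet/IPv4 only)."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file")
    pos = 24                                     # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, pos + 8)[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 carrying TCP
        ip_end = 14 + (frame[14] & 0x0F) * 4     # IHL is in 32-bit words
        if len(frame) < ip_end + 20:
            continue                             # truncated TCP header
        tcp_end = ip_end + (frame[ip_end + 12] >> 4) * 4
        # Slice to the IP total length so Ethernet padding is dropped.
        yield frame[tcp_end:14 + struct.unpack_from(">H", frame, 16)[0]]

def parse_hello(data: bytes):
    """Parse one TLS record; return (name, record_version, hello_version) or None."""
    if len(data) < 44 or data[0] != 0x16 or data[5] not in HS_NAMES:
        return None                              # not a handshake hello
    rec_ver, rec_len = struct.unpack_from(">HH", data, 1)
    hs_len = int.from_bytes(data[6:9], "big")    # 3-byte handshake length
    if rec_len < hs_len + 4 or len(data) < 9 + hs_len or data[43] > 32:
        return None                              # fragmented or malformed hello
    hello_ver = struct.unpack_from(">H", data, 9)[0]
    return HS_NAMES[data[5]], rec_ver, hello_ver

def extract_versions(pcap: bytes):
    """Return one text line per hello found, ready to write to a file."""
    hits = filter(None, map(parse_hello, tcp_payloads(pcap)))
    return ["%s record=0x%04x hello=0x%04x" % h for h in hits]

def constructed_pcap() -> bytes:
    """Constructed sample: one frame carrying a minimal TLS 1.2 ClientHello."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    tls = b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
    tcp = struct.pack(">HHIIBBHHH", 49152, 443, 0, 0, 0x50, 0x18, 1024, 0, 0)
    ip = struct.pack(">BBHHHBBHII", 0x45, 0, 40 + len(tls), 0, 0, 64, 6, 0, 0xC0000201, 0xC0000202)
    frame = bytes(12) + b"\x08\x00" + ip + tcp + tls
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print("\n".join(extract_versions(constructed_pcap())))
```

For TLS 1.3 the hello version field stays at 0x0303 and the versions actually offered are listed in the supported_versions extension, which this example does not parse.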