Cannot automate deprecated TLS filter capture

Hi,

I'm trying to capture all the deprecated TLS traffic (1.0, 1.1) with Tshark from a script, and it didn't work as expected because when it filters the traffic it doesn't filter correctly.

The script is:

@echo off

rem Capture general traffic in a temp file
"path\tshark" -i 1 -w path\capture_traffic_general.pcapng -a duration:432000

rem Filter traffic with TLS versions 0x0300, 0x0301 and 0x0302 and save it in a new file
"path\tshark" -r path\capture_traffic_general.pcapng -Y "tls.record.version == 0x0300 or tls.record.version == 0x0301 or tls.record.version == 0x0302" -w path\capture_tls_versions.pcapng

rem Delete the temporary file to free up space
del path\capture_traffic_general.pcapng

When I see the final result in the export it only shows TLSv1.2 results.
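
Added example, not part of the original post: a ClientHello's record layer commonly carries 0x0301 for compatibility even when the client offers TLS 1.2, so a test on the record version alone can match TLS 1.2 sessions. This Python sketch compares the posted record-version test with a check of the version a ServerHello selects; all function names and the sample bytes are constructed for illustration.

```python
import struct

DEPRECATED = {0x0300, 0x0301, 0x0302}  # SSL 3.0, TLS 1.0, TLS 1.1

def parse_hello(record: bytes):
    """Return (record_version, handshake_type, hello_version) for a TLS
    record that starts with a ClientHello (1) or ServerHello (2)."""
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or rec_len < 6 or len(record) < 5 + rec_len:
        raise ValueError("not a complete TLS handshake record")
    hs_type = record[5]                       # bytes 6..8 are the 24-bit length
    if hs_type not in (1, 2):
        raise ValueError("not a ClientHello or ServerHello")
    hello_ver = struct.unpack("!H", record[9:11])[0]
    return rec_ver, hs_type, hello_ver

def record_filter_matches(record: bytes) -> bool:
    """Same test as the posted display filter: record-layer version only."""
    return parse_hello(record)[0] in DEPRECATED

def negotiated_deprecated(record: bytes) -> bool:
    """True only when a ServerHello selects SSL 3.0, TLS 1.0 or TLS 1.1.
    A TLS 1.3 ServerHello carries 0x0303 here, so it is never flagged."""
    _, hs_type, hello_ver = parse_hello(record)
    return hs_type == 2 and hello_ver in DEPRECATED

def build_hello(hs_type: int, rec_ver: int, hello_ver: int) -> bytes:
    """Constructed sample: a hello truncated after an empty session id."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs

if __name__ == "__main__":
    samples = {
        "TLS 1.2 ClientHello, record 0x0301": build_hello(1, 0x0301, 0x0303),
        "TLS 1.2 ServerHello": build_hello(2, 0x0303, 0x0303),
        "TLS 1.0 ServerHello": build_hello(2, 0x0301, 0x0301),
    }
    for name, rec in samples.items():
        print(f"{name}: record filter={record_filter_matches(rec)}, "
              f"negotiated deprecated={negotiated_deprecated(rec)}")
```

In display-filter terms, the second check corresponds to testing `tls.handshake.version` on packets where `tls.handshake.type == 2`.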
