Ask Your Question

alajeb's profile - activity

2020-08-13 05:27:47 +0000 received badge  Famous Question (source)
2020-06-17 02:28:36 +0000 received badge  Notable Question (source)
2020-06-17 02:28:36 +0000 received badge  Popular Question (source)
2020-05-04 15:05:43 +0000 asked a question TLS 1.3 certificate length

TLS 1.3 certificate length Hello, I'm working on analyzing TLS 1.3 traffic and I'm focusing on certificate messages. The

2020-04-22 11:29:19 +0000 commented answer Is MSS value of servers always fixe

We suppose that there is no proxying devices between the server and the client, what make a server change it's own MSS v

2020-04-22 11:20:36 +0000 marked best answer TLS 1.3 certificate

I'm analyzing a TLS1.3 handshake using latest version of wireshark and I can't find the certificate in the handshake (I know that the certificate in TLS1.3 is sent encrypted). In which packet can I find the certificate sent by the server ?

2020-04-22 11:00:15 +0000 commented answer Is MSS value of servers always fixe

I meant for a given server (for example facebook.com) is the MSS value always be the same, is it something configured th

2020-04-22 10:42:00 +0000 edited question Is MSS value of servers always fixe

Is MSS value of servers always fixe I'm making analysis of TCP connections of the most visited websites and I want to kn

2020-04-22 10:12:03 +0000 asked a question Is MSS value of servers always fixe

Is MSS value of servers always fixe I'm making analysis of TCP connections of the most visited websites and I want to kn

2020-04-21 17:32:22 +0000 marked best answer Why Wireshark don't annotate all reassembled packets with "tcp segment of a reassembled pdu"

I have a traffic capture that have some packets reassembled PDU but Wireshark don't annotate all the packets that are reassembles with "TCP segment of a reassembled PDU" is my interpretation is wrong or Wireshark don't annotate some packets Here is the capture https://drive.google.com/file/d/1MvaD... We can see that the 7th and the 8th frame are reassembled

2020-04-21 16:28:14 +0000 commented answer Why Wireshark don't annotate all reassembled packets with "tcp segment of a reassembled pdu"

Could you please explain to me what do you mean by "frames that are partial PDU's"

2020-04-21 15:26:36 +0000 asked a question Why Wireshark don't annotate all reassembled packets with "tcp segment of a reassembled pdu"

Why Wireshark don't annotate all reassembled packets with "tcp segment of a reassembled pdu" I have a traffic capture th

2020-04-20 20:48:29 +0000 received badge  Commentator
2020-04-20 20:48:29 +0000 commented answer What is the difference between “TCP payload” and “TCP segment data”?

The remaining 5 bytes are the TLS record header length (content type = 1 byte, version = 2 bytes, length = 2 bytes)

2020-04-14 15:48:27 +0000 marked best answer How to combine two filter in tshark

I want to combine two filter in a tshark command to extract the type of the TLS record so I tried this command but iy dosen't work. tshark -r capture.pcapng -T fields -e "tls.record.content_type && tls.record.opaque_type" -E separator="|"

Any help please?

2020-04-14 15:47:17 +0000 commented answer How to combine two filter in tshark

Could you explain more please Lua

2020-04-14 15:36:30 +0000 commented answer How to combine two filter in tshark

Is it possible to select tls.record.content_type and tls.record.opaque_type if they were both present or just one and pu

2020-04-14 15:15:50 +0000 asked a question How to combine two filter in tshark

How to combine two filter in tshark I want to combine two filter in a tshark command to extract the type of the TLS reco

2020-04-13 09:40:25 +0000 asked a question How to read a pcap file packet per packet

How to read a pcap file packet per packet I want to read a pcap file packet per packet and I didn't figure out how to do

2020-04-09 16:40:52 +0000 marked best answer How to automate following TLS streams?

I have a huge pcap file and I want to follow each TLS stream in this file. Is there any way to do this by using a script?

2020-04-09 16:40:52 +0000 received badge  Scholar (source)
2020-04-08 14:20:48 +0000 commented question How to automate following TLS streams?

yes exactly

2020-04-08 13:48:57 +0000 asked a question How to automate following TLS streams?

How to automate following TLS streams? I have a huge pcap file and I want to follow each TLS stream in this file. Is the

2020-03-12 07:55:11 +0000 received badge  Editor (source)
2020-03-12 07:55:11 +0000 edited question Capture traffic generated by a given program

Traffic generated by a given program Can I only capture the traffic generated by a given program, for exemple can I capt

2020-03-12 07:54:54 +0000 asked a question Capture traffic generated by a given program

Traffic generated by a given program Can I only capture the traffic generated by a given program, for exemple can I capt

2020-03-10 16:57:38 +0000 asked a question TLS handshake for a given client

TLS handshake for a given client I'm working on an academic project about TLS handshakes and i have captured some TLS tr

2020-03-10 13:43:28 +0000 commented answer Filter only TLSv1.2 packets

I want only TLSv1.2 messages

2020-03-10 13:30:02 +0000 asked a question Filter only TLSv1.2 packets

Filter only TLSv1.2 packets I want to display only TLSv1.2 client and server hellos messages in my wireshark capture, wh

2020-02-28 20:13:47 +0000 commented answer TLS 1.3 certificate

How to add the keyfile?

2020-02-28 20:07:09 +0000 commented answer TLS 1.3 certificate

What does the keyfile do ?

2020-02-28 14:52:35 +0000 commented answer TLS 1.3 certificate

How could I get the same display as in the screenshot. When I open the pcap there is only Client Hello, Server Hello and

2020-02-28 14:40:20 +0000 received badge  Rapid Responder (source)
2020-02-28 14:40:20 +0000 answered a question TLS 1.3 certificate

How could I get the same display as in the screenshot. When I open the pcap there is only Client Hello, Server Hello and

2020-02-28 14:02:03 +0000 commented answer TLS 1.3 certificate

What version of wireshark are you using please?

2020-02-28 13:03:45 +0000 commented question TLS 1.3 certificate

could you please give me a screenshot

2020-02-27 15:33:07 +0000 asked a question TLS 1.3 certificate

TLS 1.3 certificate I'm analyzing a TLS1.3 handshake using latest version of wireshark and I can't find the certificate