2021-10-26 15:24:43 +0000 | received badge | ● Famous Question (source) |
2020-07-24 09:57:20 +0000 | received badge | ● Notable Question (source) |
2020-07-24 09:57:20 +0000 | received badge | ● Popular Question (source) |
2019-09-09 08:13:58 +0000 | commented answer | Filter out tls 1.2/1.3 app_data using tshark Thanks. It seems to partially solve the problem. Now I have some sites in tls 1.2 and tls 1.3 filtered out too. It appe |
2019-09-09 08:07:00 +0000 | marked best answer | Filter out tls 1.2/1.3 app_data using tshark Hello, I use Wireshark 3.1.0 and tshark 3.0.3 in my daily work and often have to analyse pcaps with a huge amount of encrypted TLS application data which I do not need. I usually simply filter out those packets with the filter "not tls.app_data" in the Wireshark GUI, which works fine, but I would like to directly remove those packets from the source pcaps via an automated script using tshark. I have tried: `tshark -F pcap -r source.pcap -w filtered.pcap -Y "not tls.app_data"` and `tshark -F pcap -r source.pcap -w filtered.pcap -Y "not (tls.record.content_type == 23 or tls.record.opaque_type ==23)"`. In both commands only TLS 1 seems to be filtered out and the TLS 1.2 and TLS 1.3 packets are still there. tshark seems to not understand that TLS 1.2 and TLS 1.3 are to be considered as TLS packets. I would like to remove only the application data; I still need to keep the other types of TLS records. Any help is welcome. EDIT: Extra info, my tshark is using: libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8. I'm starting to suspect that those lib versions don't support TLS 1.2 or 1.3. |
2019-09-09 08:07:00 +0000 | received badge | ● Scholar (source) |
2019-09-05 14:14:17 +0000 | received badge | ● Editor (source) |
2019-09-05 14:14:17 +0000 | edited question | Filter out tls 1.2/1.3 app_data using tshark Hello, I use Wireshark 3.1.0 and tshark 3.0.3 in my daily work and often ha |
2019-09-02 08:08:53 +0000 | asked a question | Filter out tls 1.2/1.3 app_data using tshark Hello, I use Wireshark 3.1.0 and tshark 3.0.3 in my daily work and often ha |