tcpdump to show TLS client hello
Hello.
On my server I want to see if clients are using the protocol TLSv1.0 or TLSv1.2.

    tcpdump -i eth0 -w tls.dump

Then I open tls.dump using Wireshark and it shows TLS1 or TLS1.2 correctly, but I want to do it massively on large traffic. The idea is:

    tcpdump -i eth0 "capture client/server hello"|grep TLS

Obviously that syntax is not recognized, but I want to do a similar thing. Also, if I use -w tls.dump, it captures the entire connection, but I need only the client/server hello, and I do not need the details, only whether it is using TLS1.0 or 1.2. Does something exist that can help me?

Thank you

P.S. The application is not an Apache/443 but a mail server/465 that does not log the TLS details.

Matteo
Solved...
using tshark (part of wireshark package)
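An added example, not part of the original thread and not the tshark command the poster used: a Python parser that reads the version field of a ClientHello or ServerHello at the start of a TCP payload and tallies the results, which is the "only the hello, only the version" check asked for above. The function names and the constructed sample records are assumptions made for illustration.

```python
import struct
from collections import Counter

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
HELLOS = {1: "ClientHello", 2: "ServerHello"}

def parse_hello(payload: bytes):
    """Return (hello_type, version) for a TLS hello starting a TCP payload, else None."""
    if len(payload) < 11:
        return None
    content_type, _record_version, _record_len = struct.unpack("!BHH", payload[:5])
    if content_type != 22 or payload[5] not in HELLOS:  # 22 = handshake record
        return None
    # Skip handshake type (1 byte) and length (3 bytes); the hello version follows.
    # The record-layer version at bytes 1-2 is often 0x0301 even for a TLS 1.2 hello,
    # and TLS 1.3 keeps 0x0303 here and moves the real version into an extension.
    (version,) = struct.unpack("!H", payload[9:11])
    return HELLOS[payload[5]], VERSIONS.get(version, hex(version))

def tally(payloads):
    """Count hellos per (type, version). A ClientHello shows the highest version
    the client offers; the ServerHello shows the version actually selected."""
    counts = Counter()
    for payload in payloads:
        hello = parse_hello(payload)
        if hello:
            counts[hello] += 1
    return counts

def sample_hello(hs_type: int, version: int) -> bytes:
    """Constructed minimal hello record (sample data, not taken from a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
    if hs_type == 1:
        body += b"\x00\x02\x00\x2f" + b"\x01\x00"  # one cipher suite, null compression
    else:
        body += b"\x00\x2f" + b"\x00"              # chosen suite, null compression
    handshake = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake

if __name__ == "__main__":
    payloads = [sample_hello(1, 0x0303), sample_hello(2, 0x0303),
                sample_hello(1, 0x0301), sample_hello(2, 0x0301),
                b"220 mail.example ESMTP\r\n"]  # non-TLS payload, ignored
    for (kind, version), n in sorted(tally(payloads).items()):
        print(kind, version, n)
```

Counting the ServerHello rows gives the version each connection settled on, while the ClientHello rows only show what each client was willing to offer.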