LinuxQuestions.org


zerouno 03-12-2019 04:25 AM

tcpdump to show TLS client hello
 
Hello.

On my server I want to see if clients are using the protocol TLSv1.0 or TLSv1.2.

tcpdump -i eth0 -w tls.dump

Then I open tls.dump using Wireshark and it shows TLS1 or TLS1.2 correctly.

But I want to do it massively on large traffic.

The idea is:
tcpdump -i eth0 "capture client/server hello"|grep TLS

Obviously that syntax is not recognized, but I want to do a similar thing.

Also, if I use -w tls.dump, it captures the entire connection, but I need only the client/server hello, and I do not need the details but only whether it is using TLS1.0 or 1.2.

Is there something that can help me?

Thank you

P.S. The application is not an apache/443 but a mailserver/465 that does not log the TLS details.
Matteo

zerouno 03-12-2019 04:37 AM

Solved...

using tshark (part of wireshark package)

