tcpdump to show TLS client hello
Hello.
On my server I want to see if clients are using the protocol TLSv1.0 or TLSv1.2:
tcpdump -i eth0 -w tls.dump
Then I open tls.dump using Wireshark and it shows TLS1 or TLS1.2 correctly,
but I want to do it massively on large traffic.
The idea is:
tcpdump -i eth0 "capture client/server hello"|grep TLS
Obviously that syntax is not recognized, but I want to do a similar thing.
Also, if I use -w tls.dump, it captures the entire connection, but I need only the client/server hello, and I do not need the details, only whether it is using TLS1.0 or 1.2.
Is there something that can help me?
Thank you
P.S. The application is not an Apache/443 but a mailserver/465 that does not log the TLS details
Matteo
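
One way to do what the post asks, as an added example that is not part of the original post: a tcpdump filter that keeps only ClientHello/ServerHello segments on port 465, and a parser that reads the resulting capture file and reports the version carried in each hello. The function names, the file name hello.pcap and the sample packets are constructed for illustration.

```python
import struct

# pcap-filter expression for tcpdump (IPv4): port 465 segments whose TCP payload
# starts with a TLS handshake record (0x16) holding a ClientHello (1) or ServerHello (2).
# Usage: tcpdump -i eth0 -w hello.pcap "<value of BPF_FILTER>"
OFF = "((tcp[12] & 0xf0) >> 2)"  # TCP header length = offset of the payload
BPF_FILTER = (f"tcp port 465 and tcp[{OFF}] = 0x16 and "
              f"(tcp[{OFF} + 5] = 1 or tcp[{OFF} + 5] = 2)")

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}
KINDS = {1: "ClientHello", 2: "ServerHello"}

def hello_version(payload):
    """Return (kind, version) if the TCP payload starts with a TLS hello, else None.
    ClientHello: highest version offered; ServerHello: version chosen.
    TLS 1.3 also puts 0x0303 in this field, so "TLSv1.2" means 1.2 or later."""
    if len(payload) < 11 or payload[0] != 0x16 or payload[5] not in KINDS:
        return None
    ver = struct.unpack("!H", payload[9:11])[0]  # bytes 9-10: version in the hello
    return KINDS[payload[5]], VERSIONS.get(ver, hex(ver))

def hellos_in_pcap(data):
    """Return [(src_ip, kind, version)] from a classic little-endian Ethernet pcap."""
    if data[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("not a little-endian classic pcap file")
    out, pos = [], 24  # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl = struct.unpack("<I", data[pos + 8:pos + 12])[0]
        frame, pos = data[pos + 16:pos + 16 + incl], pos + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # keep IPv4 + TCP only
        tcp = 14 + (frame[14] & 0x0F) * 4  # start of the TCP header
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        found = hello_version(frame[tcp + (frame[tcp + 12] >> 4) * 4:])
        if found:
            out.append((".".join(map(str, frame[26:30])),) + found)
    return out

def sample_pcap():
    """Constructed capture: one TLSv1.0 ClientHello and one TLSv1.2 ServerHello."""
    def pkt(src, kind, ver):
        tls = bytes([0x16, 3, 1, 0, 6, kind, 0, 0, 2]) + struct.pack("!H", ver)
        ip = bytes([0x45, 0, 0, 0, 0, 0, 0, 0, 64, 6, 0, 0]) + bytes(src) + bytes([10, 0, 0, 1])
        tcp = bytes(12) + b"\x50" + bytes(7)  # data offset 5 words, no options
        frame = bytes(12) + b"\x08\x00" + ip + tcp + tls
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + pkt([192, 0, 2, 10], 1, 0x0301) + pkt([10, 0, 0, 1], 2, 0x0303)
```

On a real capture, call `hellos_in_pcap(open("hello.pcap", "rb").read())` and count versions per source address; the ServerHello rows show what was actually negotiated.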