
How to follow a TLS stream

How do I follow the TLS stream (eq ??) of a specific packet with the tshark command line? I need to follow the TLS stream of a Wireshark packet in my Bash script. How do I get this result?

djo-hamdo
asked 2020-11-13 02:06:03 +0000

Comments

Google translate:
"how to follow tls stream eq ?? of a specific package with command line tshark ... i need to follow tls stream of a wireshark package in my Bash script ...... how do I make this result ????"

Chuckc (2020-11-13 03:43:07 +0000)

1 Answer


Do you have the key information needed to view the TLS data?

Wireshark$ tshark -r ./rsasnakeoil2.pcap -z follow,tls,hex,0 -q | head -10

===================================================================
Follow: tls,hex
Filter: tcp.stream eq 0
Node 0: 127.0.0.1:38713
Node 1: :0
00000000  47 45 54 20 2f 20 48 54  54 50 2f 31 2e 31 0d 0a  GET / HT TP/1.1..
00000010  48 6f 73 74 3a 20 6c 6f  63 61 6c 68 6f 73 74 0d  Host: lo calhost.
00000020  0a 55 73 65 72 2d 41 67  65 6e 74 3a 20 4d 6f 7a  .User-Ag ent: Moz
00000030  69 6c 6c 61 2f 35 2e 30  20 28 58 31 31 3b 20 55  illa/5.0  (X11; U
Wireshark$
Wireshark$ tshark -G currentprefs | grep -i snakeoil
tls.keylog_file: C:\Users\admin\Documents\Wireshark\wireshark-3.2.6\wireshark\test\keys\rsasnakeoil2.key
Wireshark$


Test files available in the Gitlab repository test data

Chuckc
answered 2020-11-13 04:21:36 +0000, updated 2020-11-13 04:25:18 +0000

Comments

I need to do this action from the terminal: https://i.stack.imgur.com/XTYa4.png I filter my Wireshark pcap, then right-click a packet and follow the TLS stream. How do I do that in a Bash script?

djo-hamdo (2020-11-13 12:32:22 +0000)

Google translate: I need to do this action with terminal

I filter my wireshark pcap then right click on a packet and follow tls stream. ... how to do this in bash script

grahamb (2020-11-13 12:37:48 +0000)

There are examples on the man page:

Example: -z "follow,tcp,hex,1" will display the contents of the second TCP stream (the first is stream 0) in "hex" format.
Chuckc (2020-11-13 14:04:14 +0000)

What does the 428 in (tcp.stream eq 428) mean, and how do I find and specify this number in Wireshark?

djo-hamdo (2020-11-13 14:12:58 +0000)

"What does 428 mean in (tcp.stream eq 428) how to detect and specify this number in wireshark ????"

tcp.stream is a Wireshark generated field (has square brackets [ ] around it) found in the packet details under TCP (Transmission Control Protocol)

[Stream index: 0]
Chuckc (2020-11-13 14:32:34 +0000)
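
Added example, not part of the thread and not Wireshark's own code: a POSIX shell script that combines the points above by looking up the tcp.stream index of the packets matched by a display filter and then running -z follow,tls on each stream. The function names, the ascii output mode, the optional key log argument and the file names in the usage line are assumptions of this example.

```shell
#!/bin/sh
# Added example: CLI equivalent of "filter, right-click a packet, Follow > TLS Stream".
# Function names and the sample file names in the usage line are hypothetical.

# Print the unique tcp.stream indexes of all packets matching a display filter.
# Non-TCP packets yield an empty field and are dropped by the numeric grep.
stream_ids() (
    pcap=$1; filter=$2
    tshark -r "$pcap" -Y "$filter" -T fields -e tcp.stream |
        grep -E '^[0-9]+$' | sort -n -u
)

# Follow one stream as decrypted TLS. $3 is an optional key log file passed via
# the tls.keylog_file preference; without usable key material tshark has no
# decrypted payload to print for the stream.
follow_tls() (
    pcap=$1; id=$2; keylog=${3:-}
    # Reject anything that is not a plain non-negative integer.
    case $id in ''|*[!0-9]*) echo "bad stream index: $id" >&2; exit 2 ;; esac
    if [ -n "$keylog" ]; then
        tshark -r "$pcap" -o "tls.keylog_file:$keylog" -q -z "follow,tls,ascii,$id"
    else
        tshark -r "$pcap" -q -z "follow,tls,ascii,$id"
    fi
)

# Follow every stream matched by the filter; returns 1 if nothing matched.
follow_tls_by_filter() (
    pcap=$1; filter=$2; keylog=${3:-}
    ids=$(stream_ids "$pcap" "$filter")
    [ -n "$ids" ] || { echo "no TCP stream matches: $filter" >&2; exit 1; }
    for id in $ids; do
        follow_tls "$pcap" "$id" "$keylog"
    done
)

# Usage: ./follow_tls.sh capture.pcap 'frame.number == 42' [keylog.txt]
if [ "$#" -ge 2 ]; then
    follow_tls_by_filter "$@"
fi
```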