This is a part of Wireshark documentation and is provided as example code which you could modify to your needs. Per the same question asked on Wireshark forums, there is a lua script that will do the same legwork as this bash script. Iterate over those streams so that the display filter will look likeĬreating your own Display Filter with Lua.Get a sorted list of TLSv1.3 stream numbers.Printf "Display filter for TLSv1.3:\n$display_filter\n" Tcp_streams="$(tshark -r $filename -T fields -e tcp.stream \ You can find this display filter easily with this bash script: #!/bin/bash Together, this should be something like tcp stream eq 0 & tls.
If you want to measure the number of connections rather than the amount of data, you can limit the capture or display. Note that a filter of http is not equivalent to the other two, which will include handshake and termination packets. In Wireshark, you can follow this TLSv1.3 stream by right clicking on a packet in the stream and then adding & tls to see only TLSv1.3 packets in the stream (tcp packets will show up in the stream). For HTTP, you can use a capture filter of: tcp port 80. There is no easy filter for TLSv1.3 given that TLSv1.3 tries to masquerade as TLSv1.2 for compatibility reasons.Ĭurrent as of (Wireshark may add this at some point) Wireshark
0 kommentar(er)
