Useful Wireshark filter for analysis of SSL Traffic.
Client Hello:
ssl.handshake.type == 1
Server Hello:
ssl.handshake.type == 2
NewSessionTicket:
ssl.handshake.type == 4
Certificate:
ssl.handshake.type == 11
CertificateRequest
ssl.handshake.type == 13
ServerHelloDone:
ssl.handshake.type == 14
Note: “ServerHellpDone” means full-handshake TLS session.
Cipher Suites:
ssl.handshake.ciphersuite
I found the below from Wiki. All these SSL handshake message types ( I had included some of them in the above) can be used as wireshark filter as well.
| 0 | HelloRequest |
| 1 | ClientHello |
| 2 | ServerHello |
| 4 | NewSessionTicket |
| 8 | EncryptedExtensions (TLS 1.3 only) |
| 11 | Certificate |
| 12 | ServerKeyExchange |
| 13 | CertificateRequest |
| 14 | ServerHelloDone |
| 15 | CertificateVerify |
| 16 | ClientKeyExchange |
| 20 | Finished |
์ถ์ฒ:
https://davidwzhang.com/2018/03/16/wireshark-filter-for-ssl-traffic/
Wireshark Filter for SSL Traffic
Useful Wireshark filter for analysis of SSL Traffic. Client Hello: ssl.handshake.type == 1 Server Hello: ssl.handshake.type == 2 NewSessionTicket: ssl.handshake.type == 4 Certificate: ssl.handshake…
davidwzhang.com
