tls-hello-dump

Can't get the source and destination IPs in the output?

Open ghost opened this issue 7 years ago • 3 comments

Thanks for your prompt responses. I need to view the source/destination IPs. I compile the code as:

gcc tls-hello-dump.c -LOG_ADDRESSES -o tls-hello -lpcap

But the output does not show the addresses. Only the hellos content. Can you clarify?

ghost, Feb 04 '18 19:02

The correct parameter is -DLOG_ADDRESSES with -D for "define".

ge0rg, Feb 04 '18 19:02

tcp port 443 and tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1 or tcp[tcp[12]/16*4+5]=2)

Is this the same exact capture filter that I can use in tcpdump directly? I mean, will I get the same output as your parser if I use the above capture filter?

ghost, Feb 04 '18 19:02

You can use the same filter to obtain a PCAP file that you can later run through tls-hello-dump. The default output of tcpdump however shows a full dissection of the packet, whereas my tool only prints the TLS Hello.

ge0rg, Feb 04 '18 19:02
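
The byte-offset logic of the capture filter quoted in this thread, written out in C as an added example (it is not code from tls-hello-dump). The function names and the sample segments are constructed for illustration, and the `tcp port 443` term of the filter is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not part of tls-hello-dump. Evaluates the payload part
 * of the filter
 *   tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1 or tcp[tcp[12]/16*4+5]=2)
 * on one TCP segment (TCP header followed by payload).
 * Returns 1 for a ClientHello, 2 for a ServerHello, 0 for no match. */
int tls_hello_type(const uint8_t *tcp, size_t len)
{
    if (len < 20)                        /* shorter than a minimal TCP header */
        return 0;
    /* tcp[12]/16*4: upper nibble of byte 12 is the header length in 32-bit words */
    size_t off = (size_t)(tcp[12] >> 4) * 4;
    if (off < 20 || len < off + 6)       /* invalid offset (stricter than the
                                            filter) or payload too short */
        return 0;
    if (tcp[off] != 22)                  /* TLS record content type 22 = handshake */
        return 0;
    uint8_t hs = tcp[off + 5];           /* handshake type follows the 5-byte record header */
    return (hs == 1 || hs == 2) ? hs : 0;
}

/* Builds a constructed segment: hdr_len bytes of TCP header (multiple of 4,
 * 20..60) plus the first 6 payload bytes. buf must hold hdr_len + 6 bytes. */
size_t make_segment(uint8_t *buf, size_t hdr_len, uint8_t content_type, uint8_t hs_type)
{
    memset(buf, 0, hdr_len + 6);
    buf[12] = (uint8_t)((hdr_len / 4) << 4);    /* data offset field */
    buf[hdr_len] = content_type;                /* record: content type */
    buf[hdr_len + 1] = 3; buf[hdr_len + 2] = 1; /* record: version */
    buf[hdr_len + 3] = 0; buf[hdr_len + 4] = 4; /* record: length */
    buf[hdr_len + 5] = hs_type;                 /* handshake message type */
    return hdr_len + 6;
}

int main(void)
{
    uint8_t seg[80];
    size_t n = make_segment(seg, 32, 22, 1);    /* 12 bytes of TCP options */
    printf("ClientHello behind TCP options: %d\n", tls_hello_type(seg, n));
    n = make_segment(seg, 20, 23, 1);           /* application data record */
    printf("application data record:        %d\n", tls_hello_type(seg, n));
    return 0;
}
```

As with the filter, a hello that does not start at the first payload byte of a segment is not matched.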