nDPI
How to analyze all information of TLS from pcap using -J?
Hi,
How to analyze all information of TLS protocol from pcap? The following command does not work (nDPI version 4.5.0), though command shows -J is an option.
Command line prompt:
Welcome to nDPI 4.5.0
ndpiReader -i <file|device> [-f <filter>][-s <duration>][-m <duration>][-b <num bin clusters>]
[-p <protos>][-l <loops> [-q][-d][-J][-h][-H][-D][-e <len>][-E][-t][-v <level>]
[-n <threads>][-w <file>][-c <file>][-C <file>][-j <file>][-x <file>]
[-r <file>][-j <file>][-S <file>][-T <num>][-U <num>] [-x <domain>][-z]
[-a <mode>]
The following command does not work.
ndpiReader -J -i ./sample.pcap -C sample.csv
Thanks.
@zliucd, there is no 'J' option. The help message is wrong: a patch will be merged soon
@IvanNardi Thanks. Kindly let me know if 'J' option is available to use.
@zliucd, not sure if I am understanding it right... With https://github.com/ntop/nDPI/pull/1770 we are simply going to update the help message and remove the 'J' option from the list of the available options. Please note that there is no code associated with this option... What are you trying to achieve?
@IvanNardi I'm trying to analyze all sorts of information from TLS (such as SPLT, byte dist, cipher suites, x509 etc.) and output them to csv.
Following command generates limited information from TLS:
ndpiReader -i ./sample.pcap -C sample.csv
You should have more information with -v2 or -v3; you could also try something like -P 4:8:10:128:25.
You will definitely get bytes distribution, cipher suites and certificate info.
This information is surely printed on stdout; not sure if it is also exported in csv.
Help message has been fixed in https://github.com/ntop/nDPI/commit/6c84ce85e430c6200b26aabeb34522db026d1bd8 @zliucd, do you need some other info or can we close this issue?
Closing. If you have some other issues, please open a new ticket