This is our old Q&A Site. Please post any new questions and answers at

What is a capture filter to capture SSLV3 traffic only? I know the display filter is ssl.record.version==0x0300.

asked 16 Nov '15, 08:26

patrickwill's gravatar image

accept rate: 0%

Can you please try this:


HINT: As capture filters work in a frame level, this capture filter will only capture the frame with the SSLv3 handshake. No more, no less. If you want to capture the whole SSLv3 session, there is no simple capture filter for that. The only option would be to capture everything on port 443 and later filter for connections with SSLv3 handshake in tshark to get the TCP stream number and then you can filter for that TCP stream number in a second step (with scripting).


permanent link

answered 16 Nov '15, 12:24

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
accept rate: 15%

Thanks Kurt it worked perfect.

(17 Nov '15, 05:15) patrickwill


Hint: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions. For extra points you can up vote the answer (thumb up).

(17 Nov '15, 05:25) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 16 Nov '15, 08:26

question was seen: 2,446 times

last updated: 17 Nov '15, 05:25

p​o​w​e​r​e​d by O​S​Q​A