Good afternoon, I need to filter from the capture that I have made only the IPs that use TLS and RC4 as an algorithm. When I want to filter through Cipher Suite it brings me as a result IPs that have many more algorithms and what I need to know is specifically where the connection was established. Thank you |
Others may have something better; you could use the following display filter: ssl.handshake.version >= 0x301 and ssl contains "rc4" Value 0x301 and above covers TLS 1.0 - 1.3 HI thnks! but I can not filter what are the connections that were really established with the server and the reason for those that did not :-(
(30 Oct '17, 07:45)
lsalazar
Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.
(30 Oct '17, 23:17)
Jaap ♦
|