TLS and RC4

Good afternoon, I need to filter from the capture that I have made only the IPs that use TLS and RC4 as an algorithm. When I want to filter through Cipher Suite it brings me as a result IPs that have many more algorithms and what I need to know is specifically where the connection was established.

Thank you

tls rc4

asked 26 Oct '17, 11:08

lsalazar
6●1●1●2
accept rate: 0%

One Answer:

active answers oldest answers newest answers popular answers

Others may have something better; you could use the following display filter:

ssl.handshake.version >= 0x301 and ssl contains "rc4"

Value 0x301 and above covers TLS 1.0 - 1.3

permanent link

answered 26 Oct '17, 12:31

Papa Packet
6●3
accept rate: 0%

edited 26 Oct '17, 12:33

HI thnks! but I can not filter what are the connections that were really established with the server and the reason for those that did not :-(

(30 Oct '17, 07:45) lsalazar

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(30 Oct '17, 23:17) Jaap ♦

Your answer

toggle preview

community wiki:

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

tls ×75
rc4 ×1

question asked: 26 Oct '17, 11:08

question was seen: 1,147 times

last updated: 30 Oct '17, 23:17

TLS and RC4

Follow this question

You have a trillion packets.

You need to see four of them.

Don't have Wireshark?

Related questions