goTLSHelloDecoder

Decode a pcap file containing TLS Handshakes

Input files are created using:

tcpdump -nn -i any -w outfile.pcap 'tcp and port 443 and tcp[(((tcp[12:1] & 0xf0) >> 2)):1] = 0x16 and ((tcp[(((tcp[12:1] & 0xf0) >> 2)+5):1] = 0x01) or (tcp[(((tcp[12:1] & 0xf0) >> 2)+5):1] = 0x02))'

Short explanation: Listen to packets on port 443 (https), find offset of tcp payload and check if it starts with the TLS magic number and version SSLVv3 or TLSv1.x.

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
pcap_analyze		pcap_analyze
sniffer		sniffer
.gitignore		.gitignore
DecodeHandshake.go		DecodeHandshake.go
DecodeRecordProtocol.go		DecodeRecordProtocol.go
LICENSE		LICENSE
README.md		README.md
_iana_to_json.py		_iana_to_json.py
common.go		common.go
iana_tls-params_min.csv		iana_tls-params_min.csv
iana_tls-params_min.json		iana_tls-params_min.json
init.go		init.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

pcap_analyze

pcap_analyze

sniffer

sniffer

.gitignore

.gitignore

DecodeHandshake.go

DecodeHandshake.go

DecodeRecordProtocol.go

DecodeRecordProtocol.go

LICENSE

LICENSE

README.md

README.md

_iana_to_json.py

_iana_to_json.py

common.go

common.go

iana_tls-params_min.csv

iana_tls-params_min.csv

iana_tls-params_min.json

iana_tls-params_min.json

init.go

init.go

Repository files navigation

goTLSHelloDecoder

About

Releases

Packages

Languages

License

tianlai/TLSHandshakeDecoder

Folders and files

Latest commit

History

Repository files navigation

goTLSHelloDecoder

About

Resources

License

Stars

Watchers

Forks

Languages