Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't get the source and destination IPs in the output? #8

Open
ghost opened this issue Feb 4, 2018 · 3 comments
Open

Can't get the source and destination IPs in the output? #8

ghost opened this issue Feb 4, 2018 · 3 comments

Comments

@ghost
Copy link

ghost commented Feb 4, 2018

Thanks for your prompt responses. I need to view the source/destination IPs. I compile the code as:
gcc tls-hello-dump.c -LOG_ADDRESSES -o tls-hello -lpcap
But the output does not show the addresses. Only the hellos content. Can you clarify?
@ge0rg
Copy link
Owner

ge0rg commented Feb 4, 2018

The correct parameter is -DLOG_ADDRESSES with -D for "define".

@ghost
Copy link
Author

ghost commented Feb 4, 2018

tcp port 443 and tcp[tcp[12]/16*4]=22 and (tcp[tcp[12]/16*4+5]=1 or tcp[tcp[12]/16*4+5]=2)
Is this the same exact capture filter that I can use in tcpdump directly? I mean will I get the same output as your parser if I use the above capture filter?

@ge0rg
Copy link
Owner

ge0rg commented Feb 4, 2018

You can use the same filter to obtain a PCAP file that you can later run through tls-hello-dump. The default output of tcpdump however shows a full dissection of the packet, whereas my tool only prints the TLS Hello.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ge0rg