[Zeek] Fwd: handshake ssl
Rober Fernández
roberixion at gmail.com
Thu Jan 17 03:04:07 PST 2019
---------- Forwarded message ---------
From: Rober Fernández <roberixion at gmail.com>
Date: Thu, 17 Jan 2019 at 12:03
Subject: handshake ssl
To: <zeek at zeek.org>
1. Question
I would like to obtain the bytes related to the certificates field, but I
don't see any event to get them.
Attached is a Wireshark image with the field underlined.
2. Question
Is there a way to extract exclusively the payload generated in each packet
of the SSL handshake?
For example:
    struct {
        ProtocolVersion client_version;
        Random random;
        SessionID session_id;
        CipherSuite cipher_suites<2..2^16-2>;
        CompressionMethod compression_methods<1..2^8-1>;
        select (extensions_present) {
            case false:
                struct {};
            case true:
                Extension extensions<0..2^16-1>;
        };
    } ClientHello;
All the bytes of this Client Hello struct.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: certificate.png
Type: image/png
Size: 29504 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20190117/78603956/attachment-0001.bin
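The ClientHello layout quoted in the message above, walked field by field over raw bytes. This is an added example, not part of the original post and not Zeek code: it assumes the TLS record bytes have already been captured and that the ClientHello sits in a single record; `parse_client_hello` and `build_sample` are hypothetical names, and the sample record is constructed.

```python
import struct

def parse_client_hello(record: bytes) -> dict:
    """Slice the ClientHello body out of one TLS record and split its fields."""
    if len(record) < 5:
        raise ValueError("short record header")
    # Record header: content type (1), version (2), length (2); 22 = handshake
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or len(record) < 5 + rec_len:
        raise ValueError("not a complete handshake record")
    hs = record[5:5 + rec_len]
    # Handshake header: msg_type (1), length (3); 1 = client_hello
    if len(hs) < 4 or hs[0] != 1:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    if len(body) != int.from_bytes(hs[1:4], "big"):
        raise ValueError("ClientHello continues in another record")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]

    def vec(len_bytes: int) -> bytes:
        # Variable-length vector <a..b>: length prefix, then that many bytes
        return take(int.from_bytes(take(len_bytes), "big"))

    out = {"raw": body, "client_version": tuple(take(2)), "random": take(32)}
    out["session_id"] = vec(1)
    suites = vec(2)
    out["cipher_suites"] = [int.from_bytes(suites[i:i + 2], "big")
                            for i in range(0, len(suites), 2)]
    out["compression_methods"] = list(vec(1))
    # select (extensions_present): extensions exist only if bytes remain
    out["extensions"] = vec(2) if pos < len(body) else b""
    if pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    return out

def build_sample() -> bytes:
    """Constructed record: TLS 1.2 hello, two suites, one small extension."""
    body = (b"\x03\x03" + bytes(range(32)) + b"\x00"
            + b"\x00\x04\xc0\x2f\x00\x9c" + b"\x01\x00"
            + b"\x00\x05\xff\x01\x00\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

The `raw` entry holds exactly the bytes of the struct, without the record and handshake headers.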