tshark 获取了的json,截取其中的tls特征名,记录一下
"tls": {
"tls.record": {
"tls.record.content_type": "22",
"tls.record.version": "0x00000303",
"tls.record.length": "81",
"tls.change_cipher_spec": ""
"tls.app_data": "00:00:00:00:00:00:00:01:27:ab:cb:0a:42:5c:33:6d:28:58:54:40:50:67:31:4c:87:71:ca:4a:75:ab:09:56:4a:17:8d:61:8c:b2:e9:fb:77:b0:72:b1:12:d9:c9:d6:e6:cf:91:63:46:b1:50:4c:1a:24:52:f9:d6:b8:52:1e:8d:25:96:26:b3:2e:1c:0d:c6:e9:f8",
"tls.app_data_proto": "smtp"
"tls.handshake": {
"tls.handshake.type": "2",
"tls.handshake.length": "77",
"tls.handshake.version": "0x00000303",
"tls.handshake.random": "55:63:54:3a:09:3e:c8:57:e0:fc:06:7c:3f:fa:86:45:74:9e:e9:ae:7a:78:3e:ad:af:17:1d:55:28:e0:39:76",
"tls.handshake.random_tree": {
"tls.handshake.random_time": "May 26, 2015 00:56:26.000000000 中国标准时间",
"tls.handshake.random_bytes": "09:3e:c8:57:e0:fc:06:7c:3f:fa:86:45:74:9e:e9:ae:7a:78:3e:ad:af:17:1d:55:28:e0:39:76"
},
"tls.handshake.session_id_length": "32",
"tls.handshake.session_id": "a9:ee:3c:e4:aa:a3:36:01:c1:5f:6b:84:29:d7:1e:42:b4:3d:a9:93:f4:3f:ed:5d:ed:4d:49:d2:f2:cc:e7:29",
"tls.handshake.ciphersuite": "49199",
"tls.handshake.comp_method": "0",
"tls.handshake.extensions_length": "5",
"Extension: renegotiation_info (len=1)": {
"tls.handshake.extension.type": "65281",
"tls.handshake.extension.len": "1",
"Renegotiation Info extension": {
"tls.handshake.extensions_reneg_info_len": "0"
}
}
}
},
"tls.record": {
"tls.record.content_type": "20",
"tls.record.version": "0x00000303",
"tls.record.length": "1",
"tls.change_cipher_spec": {
"_ws.expert": {
"tls.resumed": "",
"_ws.expert.message": "This session reuses previously negotiated keys (Session resumption)",
"_ws.expert.severity": "4194304",
"_ws.expert.group": "33554432"
}
}
},
"tls.record": {
"tls.record.content_type": "22",
"tls.record.version": "0x00000303",
"tls.record.length": "40",
"tls.handshake": ""
}
}
}
}
},
"tls.handshake.session_id_length": "0",
"tls.handshake.cipher_suites_length": "46",
"tls.handshake.ciphersuites": {
"tls.handshake.ciphersuite": "49195",
"tls.handshake.ciphersuite": "49199",
"tls.handshake.ciphersuite": "49162",
"tls.handshake.ciphersuite": "49161",
"tls.handshake.ciphersuite": "49171",
"tls.handshake.ciphersuite": "49172",
"tls.handshake.ciphersuite": "49170",
"tls.handshake.ciphersuite": "49159",
"tls.handshake.ciphersuite": "49169",
"tls.handshake.ciphersuite": "51",
"tls.handshake.ciphersuite": "50",
"tls.handshake.ciphersuite": "69",
"tls.handshake.ciphersuite": "57",
"tls.handshake.ciphersuite": "56",
"tls.handshake.ciphersuite": "136",
"tls.handshake.ciphersuite": "22",
"tls.handshake.ciphersuite": "47",
"tls.handshake.ciphersuite": "65",
"tls.handshake.ciphersuite": "53",
"tls.handshake.ciphersuite": "132",
"tls.handshake.ciphersuite": "10",
"tls.handshake.ciphersuite": "5",
"tls.handshake.ciphersuite": "4"
},
"tls.handshake.comp_methods_length": "1",
"tls.handshake.comp_methods": {
"tls.handshake.comp_method": "0"
},
"tls.handshake.extensions_length": "86",
"Extension: server_name (len=24)": {
"tls.handshake.extension.type": "0",
"tls.handshake.extension.len": "24",
"Server Name Indication extension": {
"tls.handshake.extensions_server_name_list_len": "22",
"tls.handshake.extensions_server_name_type": "0",
"tls.handshake.extensions_server_name_len": "19",
"tls.handshake.extensions_server_name": "smtp.googlemail.com"
}
},
"Extension: renegotiation_info (len=1)": {
"tls.handshake.extension.type": "65281",
"tls.handshake.extension.len": "1",
"Renegotiation Info extension": {
"tls.handshake.extensions_reneg_info_len": "0"
}
},
"Extension: supported_groups (len=8)": {
"tls.handshake.extension.type": "10",
"tls.handshake.extension.len": "8",
"tls.handshake.extensions_supported_groups_length": "6",
"tls.handshake.extensions_supported_groups": {
"tls.handshake.extensions_supported_group": "0x00000017",
"tls.handshake.extensions_supported_group": "0x00000018",
"tls.handshake.extensions_supported_group": "0x00000019"
}
},
"Extension: ec_point_formats (len=2)": {
"tls.handshake.extension.type": "11",
"tls.handshake.extension.len": "2",
"tls.handshake.extensions_ec_point_formats_length": "1",
"tls.handshake.extensions_ec_point_formats": {
"tls.handshake.extensions_ec_point_format": "0"
}
},
"Extension: session_ticket (len=0)": {
"tls.handshake.extension.type": "35",
"tls.handshake.extension.len": "0",
"tls.handshake.extension.data": ""
},
"Extension: status_request (len=5)": {
"tls.handshake.extension.type": "5",
"tls.handshake.extension.len": "5",
"tls.handshake.extensions_status_request_type": "1",
"tls.handshake.extensions_status_request_responder_ids_len": "0",
"tls.handshake.extensions_status_request_exts_len": "0"
},
"Extension: signature_algorithms (len=18)": {
"tls.handshake.extension.type": "13",
"tls.handshake.extension.len": "18",
"tls.handshake.sig_hash_alg_len": "16",
"tls.handshake.sig_hash_algs": {
"tls.handshake.sig_hash_alg": "0x00000401",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "4",
"tls.handshake.sig_hash_sig": "1"
},
"tls.handshake.sig_hash_alg": "0x00000501",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "5",
"tls.handshake.sig_hash_sig": "1"
},
"tls.handshake.sig_hash_alg": "0x00000201",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "2",
"tls.handshake.sig_hash_sig": "1"
},
"tls.handshake.sig_hash_alg": "0x00000403",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "4",
"tls.handshake.sig_hash_sig": "3"
},
"tls.handshake.sig_hash_alg": "0x00000503",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "5",
"tls.handshake.sig_hash_sig": "3"
},
"tls.handshake.sig_hash_alg": "0x00000203",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "2",
"tls.handshake.sig_hash_sig": "3"
},
"tls.handshake.sig_hash_alg": "0x00000402",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "4",
"tls.handshake.sig_hash_sig": "2"
},
"tls.handshake.sig_hash_alg": "0x00000202",
"tls.handshake.sig_hash_alg_tree": {
"tls.handshake.sig_hash_hash": "2",
"tls.handshake.sig_hash_sig": "2"