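#!/usr/bin/perl -w
#
# Tally TLS application-data record sizes seen in a capture file.
#
# tshark is run over the capture named in $ARGV[0] with the SSL dissector's
# debug log enabled. The log is then scanned for application-data records
# (content_type 23), and the record lengths are summed separately for the
# client ("req") and server ("res") directions.
#
# Usage: <script> <capture-file>
#
# NOTE(review): the option names below (ssl.* preferences, -R as the filter
# switch) are those of older tshark releases; newer releases are understood
# to use tls.* preference names and -Y for display filters. Confirm against
# the installed tshark before relying on the output.
use strict;
use File::Temp;

use constant TSHARK => 'tshark';

defined $ARGV[0]
    or die "usage: $0 <capture-file>\n";

# The SSL debug log may contain decrypted payload and key material.
# File::Temp creates the file exclusively with owner-only permissions and
# removes it when $tmp goes out of scope. With only TEMPLATE given, the file
# is created in the current working directory.
my $tmp = File::Temp->new(
    TEMPLATE => 'wiresharkSSLXXXXX',
    SUFFIX   => '.log',
);

# List-form system(): no shell is involved, so the capture file name is
# passed to tshark as a single argument whatever characters it contains.
# tshark's own packet listing still goes to this script's STDOUT.
my $status = system(
    TSHARK,
    '-o', 'ssl.desegment_ssl_records: TRUE',
    '-o', 'ssl.desegment_ssl_application_data: TRUE',
    '-o', 'ssl.debug_file: ' . $tmp->filename,
    '-r', $ARGV[0],
    # Port 443, one fixed peer address, TLS 1.0 records (0x0301),
    # application data only (content type 23).
    '-R', '(tcp.port == 443) and (ip.addr == 83.140.176.156) and (ssl.record.version == 0x0301) and (ssl.record.content_type == 23)'
);

if ($status == -1) {
    # tshark could not be started at all; there is no log to analyse.
    die 'cannot run ' . TSHARK . ": $!\n";
}
elsif ($status != 0) {
    # A non-zero exit may still leave a usable (partial) debug log, so keep
    # going but make the failure visible instead of silently printing zeros.
    warn TSHARK . ' exited with status ' . ($status >> 8) . "; totals may be incomplete\n";
}

# Slurp the whole debug log: the pattern below spans several log lines.
local $/ = undef;
my $log = <$tmp>;
$log = '' unless defined $log;

my $req  = 0;    # running total for client -> server records
my $res  = 0;    # running total for server -> client records
my $lreq = 0;    # length of the previous client record

while ($log =~ /dissect_ssl3_record: content_type 23\s+decrypt_ssl3_record: app_data len (\d+) ssl, state 0x[0-9a-fA-F]+\s+association_find: TCP port \d+ found [0-9a-fA-F]+\s+packet_from_server: is from server - (\w+)/gis) {
    # Copy the captures straight away; $1/$2 are clobbered by later matches.
    my ($len, $from_server) = ($1, $2);

    # 32 is subtracted from every counted record; presumably the per-record
    # MAC/padding overhead for the cipher suite in this capture - confirm.
    if ($from_server ne 'TRUE') {
        print "req $len\n";
        # A client record whose length equals the previous client record's
        # is printed but not added to the total (presumably to skip
        # repeated records - confirm).
        if ($lreq != $len) {
            $req += $len - 32;
        }
        $lreq = $len;
    }
    else {
        print "res $len\n";
        $res += $len - 32;
    }
}

printf "\nREQ: %d RES: %d\n", $req, $res;
exit;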