Using sleuth to calculate distribution of each individual offered cipher suite type
davidgrewtr opened this issue · 2 comments
davidgrewtr commented
I am using sleuth to calculate the distribution of TLS offered cipher suites:
`./sleuth sample.gz --select "tls{cs}" --dist`
This results in sleuth giving the count of the top combinations of cipher suites offered by the client, e.g.:
`{"tls": {"cs": ["cc14", "cc13,", "c02b"]}, "count": 150, "total": 180}`
`{"tls": {"cs": ["cc14", "c030,", "cca9"]}, "count": 20, "total": 180}`
.......
How can I use sleuth to calculate the distribution of each individual "cs"? E.g.:
`{"tls": {"cs": ["cc14"]}, "count": 170, "total": 180}`
`{"tls": {"cs": ["cc13"]}, "count": 150, "total": 180}`
`{"tls": {"cs": ["c02b"]}, "count": 150, "total": 180}`
davidgrewtr commented
Anyone? I know it might not be an issue with sleuth itself but I do not know where else to ask this.
banderson84 commented
I am not sure if sleuth can do that. Here is a relatively simple jq/command line query:
`jq 'select(.tls? != null) | .tls.cs[]?' joy-output.json | sort | uniq -c | sort -nr`
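An added example, not part of the thread and not sleuth or Joy code: a Python sketch that reads JSON-lines flow records and emits one row per individual cipher suite in the `--dist` shape shown in the question, counting each suite once per flow. Apart from `tls.cs`, the field names in the sample records are constructed placeholders, and using the number of flows with a non-empty `tls.cs` list as `total` is an assumption.

```python
import gzip
import io
import json
from collections import Counter


def cs_distribution(lines):
    """Per offered cipher suite, count the flows whose tls.cs list contains it.

    Rows mirror the --dist output shape shown in the question; "total" is the
    number of flows with a non-empty tls.cs list (assumed denominator).
    """
    counts, total = Counter(), 0
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        tls = rec.get("tls") if isinstance(rec, dict) else None
        cs = tls.get("cs") if isinstance(tls, dict) else None
        if not isinstance(cs, list) or not cs:
            continue  # flow without a TLS offered-cipher-suite list
        total += 1
        # Set: a suite repeated inside one flow's list counts once for that flow.
        counts.update({c for c in cs if isinstance(c, str)})
    ordered = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    return [{"tls": {"cs": [c]}, "count": n, "total": total} for c, n in ordered]


def read_joy(path):
    """Yield text lines from a gzip-compressed or plain JSON-lines file."""
    opener = gzip.open if path.endswith(".gz") else open
    with opener(path, "rt", encoding="utf-8") as fh:
        yield from fh


# Constructed sample records (not real capture data).
SAMPLE = """\
{"version": "constructed-config-line"}
{"sa": "10.0.0.1", "tls": {"cs": ["cc14", "cc13", "c02b"]}}
{"sa": "10.0.0.2", "tls": {"cs": ["cc14", "c030", "cca9"]}}
{"sa": "10.0.0.3", "tls": {"cs": ["cc14", "cc13", "cc13"]}}
{"sa": "10.0.0.4", "dns": [{"qn": "example.test"}]}
"""

if __name__ == "__main__":
    for row in cs_distribution(io.StringIO(SAMPLE)):
        print(json.dumps(row))
```

For a real capture, pass `read_joy("sample.gz")` to `cs_distribution` instead of the inline sample.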