Posts

Showing posts from September, 2016

Wireshark tip of the day: SSL handshake versions

The hypothetical scenario: a user has disabled TLS < 1.2 and has sporadic SSL handshake failures.  The suspected culprit is just a non-TLS 1.2 client, but people can be simultaneously skeptical and lazy.

    # Show TLSv1.2 client hellos
    tshark -Y "ssl.handshake.version == 0x303" -r ssl.cap

    # Show TLSv1.1 client hellos
    tshark -Y "ssl.handshake.version == 0x302" -r ssl.cap

    # Show TLSv1.0 client hellos
    tshark -Y "ssl.handshake.version == 0x301" -r ssl.cap

Caution!  It's easy to glance at wireshark/tshark output and wrongly conclude that all clients speak TLSv1.2.  TLS has versioning at the outer record layer and also in the inner handshake messages.  99% of the time, the inner versioning is the important one.  But wireshark will often display TLSv1.2 on the outer layer even when it's transmitted as 0x30 x00 because of some early ambiguity in specs.  Net, don't look at the version in the Record twistie or the en...
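To make the record-layer versus handshake-layer distinction concrete, here is an added example (not from the original post) that parses both version fields out of a raw hello record. The helper names and the sample bytes are constructed for illustration; the sample carries 0x0301 in the record header while the ClientHello itself asks for 0x0303.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_client_hello(record_version, hello_version):
    """Constructed sample: minimal ClientHello, one cipher suite, no extensions."""
    body = struct.pack("!H", hello_version)       # inner client_version
    body += bytes(32)                             # random (zeros for the sample)
    body += b"\x00"                               # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"    # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                           # compression: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: content type 22 (handshake), outer version, fragment length
    return struct.pack("!BHH", 22, record_version, len(handshake)) + handshake

def hello_versions(data):
    """Return (record_version, handshake_version) for a ClientHello/ServerHello record."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    frag = data[5:5 + rec_len]
    if len(frag) < 6:
        raise ValueError("truncated handshake message")
    if frag[0] not in (1, 2):                     # 1 = ClientHello, 2 = ServerHello
        raise ValueError("not a ClientHello or ServerHello")
    # Skip 1 byte of message type and 3 bytes of length to reach the inner version
    (hs_ver,) = struct.unpack("!H", frag[4:6])
    return rec_ver, hs_ver

def describe(data):
    """Render both versions by name so a mismatch is obvious."""
    rec, hs = hello_versions(data)
    return "record=%s handshake=%s" % (
        VERSIONS.get(rec, hex(rec)), VERSIONS.get(hs, hex(hs)))

if __name__ == "__main__":
    print(describe(build_client_hello(0x0301, 0x0303)))
```

The second value is the one that `ssl.handshake.version` filters on; the first is what the record header carries.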

Sneaky performance problems in shell scripts

On many systems, the backtick or $() operator causes a temporary file to be used to capture the output of the command before shoving it into the variable.  Oftentimes these uses are only meant to capture and process one line (or even one word!) of output. Many of them can be refactored into reading from a pipeline:

    NEW_PATH=`foo|grep bar | ...`
    ... $NEW_PATH ...
    ... $NEW_PATH ...
    ... $NEW_PATH ...

becomes

    foo|grep bar | while read NEW_PATH; do
       ... $NEW_PATH ...
       ... $NEW_PATH ...
       ... $NEW_PATH ...
    done

On a degenerate, but not at all staged, shell script that I looked at, this cut the execution time by 3x (which was important because it took in excess of 90 seconds to run).