Is it possible to see the used SSL-Version in a TCP-dump in an established TCP-connection without killing the connection and re-establishing it to capture the "Client Hello"? If yes, where can I find it?
BR and thanks in advance.
BTW: I also asked this question in the Network-engineering-Board. But as I need a quick answer to this question, I also post it here in order to reach more people. I hope that's ok.
No. After the initial handshake everything is encrypted.
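Added example, not part of the answer above: the body of each record is encrypted, but every record is still framed by a 5-byte cleartext header (content type, version, length). The sketch below reads that version field from a reassembled TCP payload that may begin mid-record. `walk` and `record_versions` are hypothetical names, the sample bytes are constructed, and because TLS 1.3 fixes the field at 0x0303 it cannot tell TLS 1.2 from TLS 1.3.

```python
import struct

# Record-layer version field. TLS 1.3 freezes it at 0x0303, so that value
# cannot distinguish TLS 1.2 from TLS 1.3.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
            0x0303: "TLS 1.2 or TLS 1.3"}
TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
         23: "application_data"}
MAX_LEN = 2**14 + 2048  # largest ciphertext fragment allowed in TLS 1.2


def walk(stream: bytes, off: int):
    """Parse consecutive record headers from off; None if any header is invalid."""
    records = []
    while off + 5 <= len(stream):
        ctype, ver, length = struct.unpack_from("!BHH", stream, off)
        # Encrypted records are never empty, so length 0 is treated as invalid.
        if ctype not in TYPES or ver not in VERSIONS or not 0 < length <= MAX_LEN:
            return None
        records.append((TYPES[ctype], VERSIONS[ver], length))
        off += 5 + length  # a truncated final record simply ends the walk
    return records


def record_versions(stream: bytes, min_chain: int = 2):
    """Resynchronise on a stream that may start in the middle of a record.

    Heuristic: accept the first offset from which at least min_chain
    headers chain together without a parse failure.
    """
    for start in range(len(stream)):
        records = walk(stream, start)
        if records and len(records) >= min_chain:
            return start, records
    return None, []


# Constructed sample: 7 trailing bytes of an earlier record, then two records.
SAMPLE = (bytes.fromhex("a1b2c3d4e5f607")
          + bytes.fromhex("1703030018") + b"\xee" * 24
          + bytes.fromhex("1703030010") + b"\xee" * 16)

if __name__ == "__main__":
    print(record_versions(SAMPLE))
```

A short capture can resynchronise on a false offset by chance; raising `min_chain` over a longer payload makes that less likely.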