tcpdump mailing list archives
Re: Decoding the unencrypted part(s) of SSL/TLS?
From: Michael Richardson <mcr () sandelman ca>
Date: Mon, 10 Dec 2012 23:38:29 -0500
"Rick" == Rick Jones <rick.jones2 () hp com> writes:
Rick> Is there a version of tcpdump in the works which will decode Rick> the unecrypted Rick> portions of an SSL/TLS session? Or do I need to look Rick> elsewhere? Yes/no. You have, in general, to do TCP reassembly as TLS blocks might span TCP segments. Fortunately, you can use: http://www.rtfm.com/ssldump/ to do exactly that. It takes pcap files. It even decrypts if you give it the keys. -- ] He who is tired of Weird Al is tired of life! | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[ Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE> then sign the petition. _______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Decoding the unencrypted part(s) of SSL/TLS? Rick Jones (Dec 10)
- Re: Decoding the unencrypted part(s) of SSL/TLS? Michael Richardson (Dec 10)
- Re: Decoding the unencrypted part(s) of SSL/TLS? Wesley Shields (Dec 13)
- Re: Decoding the unencrypted part(s) of SSL/TLS? Rick Jones (Dec 11)
- Re: Decoding the unencrypted part(s) of SSL/TLS? Wesley Shields (Dec 13)
- Re: Decoding the unencrypted part(s) of SSL/TLS? Michael Richardson (Dec 10)