tcpdump mailing list archives

Re: Decoding the unencrypted part(s) of SSL/TLS?


From: Michael Richardson <mcr () sandelman ca>
Date: Mon, 10 Dec 2012 23:38:29 -0500


"Rick" == Rick Jones <rick.jones2 () hp com> writes:
    Rick> Is there a version of tcpdump in the works which will decode
    Rick> the unencrypted
    Rick> portions of an SSL/TLS session?  Or do I need to look
    Rick> elsewhere?

Yes/no.
You have, in general, to do TCP reassembly as TLS blocks might span TCP
segments. 

Fortunately, you can use: http://www.rtfm.com/ssldump/
to do exactly that.

It takes pcap files.  It even decrypts if you give it the keys.

-- 
]       He who is tired of Weird Al is tired of life!           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[
   Kyoto Plus: watch the video <http://www.youtube.com/watch?v=kzx1ycLXQSE>
                       then sign the petition. 
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
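
The reassembly point made in the reply above, as an added example (not part of the original message, and not tcpdump or ssldump code): a minimal Python reader for the cleartext TLS record headers that buffers across TCP segment boundaries. It assumes the payloads of one direction arrive already in order with no loss or retransmissions; `TLSRecordStream` and `demo` are hypothetical names, and the sample bytes are constructed.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate",
                   14: "server_hello_done", 16: "client_key_exchange"}
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext fragment (RFC 5246)

class TLSRecordStream:
    """Rebuilds TLS records from in-order payloads of one TCP direction (assumed)."""

    def __init__(self):
        self.buf = bytearray()
        self.encrypted = False  # True once ChangeCipherSpec has been seen

    def feed(self, payload):
        """Add one TCP segment's payload; return the records it completed."""
        self.buf += payload
        records = []
        while len(self.buf) >= 5:  # record header: type, version, length
            ctype, major, minor, length = struct.unpack("!BBBH", self.buf[:5])
            # SSLv2-format hellos are not handled and are rejected here.
            if ctype not in CONTENT_TYPES or major != 3 or length > MAX_RECORD_LEN:
                raise ValueError("not a TLS record header; stream out of sync")
            if len(self.buf) < 5 + length:
                break  # the record continues in a later segment
            body = bytes(self.buf[5:5 + length])
            del self.buf[:5 + length]
            rec = {"type": CONTENT_TYPES[ctype], "version": (major, minor),
                   "length": length}
            # Only the first handshake message of a cleartext record is labelled.
            if ctype == 22 and not self.encrypted and length >= 4:
                rec["handshake"] = HANDSHAKE_TYPES.get(body[0], "type_%d" % body[0])
            if ctype == 20:
                self.encrypted = True  # later handshake records are ciphertext
            records.append(rec)
        return records

def demo():
    # Constructed sample: a client_hello record followed by a change_cipher_spec
    # record, cut into three segments that split a header and a record body.
    hello = bytes([22, 3, 1, 0, 10, 1, 0, 0, 6]) + b"\x00" * 6
    ccs = bytes([20, 3, 1, 0, 1, 1])
    stream = hello + ccs
    stream_reader = TLSRecordStream()
    return [[r.get("handshake", r["type"]) for r in stream_reader.feed(seg)]
            for seg in (stream[:3], stream[3:17], stream[17:])]
```

Parsing each segment on its own would find no record in the first segment and misread the tail of the second as a header, which is why the buffer persists between calls.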