Re: Packet capture of SSL traffic

[Kaushal Shriyan <kaushalshriyan () gmail com>]

Thanks! Guy Harris for the explanation. Are there any tools which can decrypt
SSL traffic once i do the packet capture of SSL traffic using tcpdump?

I look forward to hearing from you.

Best Regards,

Kaushal

On Sat, Jul 7, 2018 at 6:23 AM Guy Harris <guy () alum mit edu> wrote:

> On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan <kaushalshriyan () gmail com>
> wrote:
>
> > Is there a way to run tcpdump to do packet capture on SSL traffic?
>
> Yes.  Plug the machine running tcpdump into a network on which SSL traffic
> is being sent, in a fashion that allows it to see that traffic (bearing in
> mind, for example, that capturing third-party traffic on a switched network
> may be difficult or impossible), and run tcpdump, with the -w flag, so that
> it saves the traffic to a file, and either with no filter or with a filter
> that matches the SSL traffic.
>
> If you mean "is there a way to run tcpdump so that it can *dissect* SSL
> traffic", rather than just being able to put undissected raw packet
> contents, including SSL packets, into a file to be read by another program,
> the answer is "no" - tcpdump doesn't currently include the ability to
> decrypt SSL traffic.
>
> (I.e., there's more to being able to analyze traffic than just being able
> to capture it....)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers