tcpdump mailing list archives
Re: tcpdump-workers Digest, Vol 72, Issue 3
From: Steve Bourland <sbourland () swri edu>
Date: Sun, 8 Jul 2018 22:19:50 -0500 (CDT)
If you have the server's certificate, Wireshark has the capability to decrypt SSL traffic captured with tcpdump, but you must have the certificate and the start of the TCP session.
On Sun, 8 Jul 2018, tcpdump-workers-request () lists tcpdump org wrote:
Today's Topics:

1. Re: Packet capture of SSL traffic (Kaushal Shriyan)

----------------------------------------------------------------------

Message: 1
Date: Sun, 8 Jul 2018 10:53:40 +0530
From: Kaushal Shriyan <kaushalshriyan () gmail com>
To: guy () alum mit edu
Cc: tcpdump-workers () lists tcpdump org
Subject: Re: [tcpdump-workers] Packet capture of SSL traffic
Message-ID: <CAD7Ssm87j8SFKPC6Hxh+O3i8M0dtGoLzfZgjUnWqrzuDOZYj1w () mail gmail com>

Thanks! Guy Harris for the explanation. Are there any tools which can decrypt SSL traffic once I do the packet capture of SSL traffic using tcpdump?

I look forward to hearing from you.

Best Regards,

Kaushal

On Sat, Jul 7, 2018 at 6:23 AM Guy Harris <guy () alum mit edu> wrote:

On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan <kaushalshriyan () gmail com> wrote:

> Is there a way to run tcpdump to do packet capture on SSL traffic?

Yes. Plug the machine running tcpdump into a network on which SSL traffic is being sent, in a fashion that allows it to see that traffic (bearing in mind, for example, that capturing third-party traffic on a switched network may be difficult or impossible), and run tcpdump, with the -w flag, so that it saves the traffic to a file, and either with no filter or with a filter that matches the SSL traffic.

If you mean "is there a way to run tcpdump so that it can *dissect* SSL traffic", rather than just being able to put undissected raw packet contents, including SSL packets, into a file to be read by another program, the answer is "no" - tcpdump doesn't currently include the ability to decrypt SSL traffic. (I.e., there's more to being able to analyze traffic than just being able to capture it....)

------------------------------

Subject: Digest Footer

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

------------------------------

End of tcpdump-workers Digest, Vol 72, Issue 3
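Added example, not part of the original messages and not tcpdump or Wireshark code: a check of a file written with `tcpdump -w` for which TCP connections include the start of the session (the SYN and the TLS ClientHello), the condition the reply above names for later decryption. It assumes a classic little-endian pcap with Ethernet/IPv4 framing and a ClientHello that begins a TCP segment; the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import defaultdict

def tls_session_starts(pcap: bytes) -> dict:
    """Per TCP connection: was the SYN captured, and was a TLS ClientHello seen?"""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a little-endian, microsecond-resolution pcap")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    flows = defaultdict(lambda: {"syn": False, "client_hello": False})
    off = 24                                     # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                             # not IPv4 carrying TCP
        ip_len = struct.unpack_from("!H", frame, 16)[0]
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl: 14 + ip_len]       # drops any Ethernet padding
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        state = flows[tuple(sorted([(src, sport), (dst, dport)]))]
        if tcp[13] & 0x12 == 0x02:               # SYN without ACK: connection opens
            state["syn"] = True
        data = tcp[(tcp[12] >> 4) * 4:]
        # TLS record type 22 (handshake), major version 3, handshake type 1 (ClientHello)
        if len(data) >= 6 and data[0] == 22 and data[1] == 3 and data[5] == 1:
            state["client_hello"] = True
    return dict(flows)

def _frame(src, dst, sport, dport, flags, data=b""):
    """Build one constructed pcap record (Ethernet/IPv4/TCP, checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(src), bytes(dst))
    eth = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IIII", 0, 0, len(eth), len(eth)) + eth

def sample_pcap() -> bytes:
    """Constructed capture: one connection from its SYN, one joined mid-stream."""
    a, b, c = (10, 0, 0, 1), (10, 0, 0, 2), (10, 0, 0, 3)
    hello = b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"       # minimal ClientHello header
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + _frame(a, b, 40000, 443, 0x02) + _frame(a, b, 40000, 443, 0x18, hello)
            + _frame(c, b, 40001, 443, 0x18, b"\x17\x03\x03\x00\x01\x00"))
```

Calling `tls_session_starts(open("capture.pcap", "rb").read())` on a real capture lists every connection; entries with both flags false were joined mid-stream.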