tcpdump mailing list archives

Re: Packet capture of SSL traffic


From: Guy Harris <gharris () sonic net>
Date: Tue, 10 Jul 2018 10:27:27 -0700

(Re-sending from my real e-mail address as opposed to my forwarding-for-life address, as the latter was causing issues 
and required moderation.)

On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan <kaushalshriyan () gmail com> wrote:

> Is there a way to run tcpdump to do packet capture on SSL traffic?

Yes.  Plug the machine running tcpdump into a network on which SSL traffic is being sent, in a fashion that allows it 
to see that traffic (bearing in mind, for example, that capturing third-party traffic on a switched network may be 
difficult or impossible), and run tcpdump, with the -w flag, so that it saves the traffic to a file, and either with no 
filter or with a filter that matches the SSL traffic.

If you mean "is there a way to run tcpdump so that it can *dissect* SSL traffic", rather than just being able to put 
undissected raw packet contents, including SSL packets, into a file to be read by another program, the answer is "no" - 
tcpdump doesn't currently include the ability to decrypt SSL traffic.

(I.e., there's more to being able to analyze traffic than just being able to capture it....)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
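The reply draws a line between capturing SSL/TLS packets (tcpdump -w) and dissecting them, which is left to another program. As an added example, not code from the thread or from tcpdump, this Python script plays that other program: it walks a classic pcap file written by tcpdump -w, finds TLS Handshake records carrying a ClientHello, and pulls out the Server Name Indication, which is sent in the clear before any encryption. The one-packet capture it runs against is constructed inline (example.test, 10.0.0.1 -> 10.0.0.2 are made-up values); everything else is standard pcap, IPv4, TCP and TLS layout.

```python
import struct

def tcp_payloads(pcap_bytes):
    """Yield the TCP payload of each Ethernet/IPv4/TCP packet in a classic pcap (tcpdump -w)."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    e = "<" if magic == 0xA1B2C3D4 else ">"            # pcap header endianness
    if struct.unpack(e + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("example handles Ethernet (DLT_EN10MB) captures only")
    off = 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(e + "IIII", pcap_bytes[off:off + 16])[2]
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                    # not IPv4 over Ethernet, or not TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]       # skip IPv4 header (IHL)
        yield tcp[(tcp[12] >> 4) * 4:]                  # skip TCP header (data offset)

def client_hello_sni(payload):
    """Return the SNI host name if payload starts with a TLS ClientHello record, else None."""
    if len(payload) < 43 or payload[0] != 0x16 or payload[5] != 0x01:
        return None                                     # not a Handshake record carrying ClientHello
    p = 43                                              # record hdr(5) + hs hdr(4) + version(2) + random(32)
    p += 1 + payload[p]                                 # session id
    p += 2 + struct.unpack("!H", payload[p:p + 2])[0]   # cipher suites
    p += 1 + payload[p]                                 # compression methods
    ext_end = p + 2 + struct.unpack("!H", payload[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:                             # walk extensions for server_name (type 0)
        etype, elen = struct.unpack("!HH", payload[p:p + 4])
        if etype == 0:
            name_len = struct.unpack("!H", payload[p + 7:p + 9])[0]
            return payload[p + 9:p + 9 + name_len].decode("ascii")
        p += 4 + elen
    return None

def sni_names(pcap_bytes):
    return [n for n in map(client_hello_sni, tcp_payloads(pcap_bytes)) if n]   # SNI per ClientHello, in order

def constructed_pcap(name=b"example.test"):
    """Constructed sample: a one-packet pcap carrying a ClientHello with SNI `name` (not real traffic)."""
    sni = struct.pack("!HHHBH", 0, len(name) + 5, len(name) + 3, 0, len(name)) + name
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(sni)) + sni
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    rec = b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0) + rec
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, b"\x0a\0\0\1", b"\x0a\0\0\2") + tcp
    frame = bytes(12) + b"\x08\x00" + ip
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Feeding a real tcpdump -w file to sni_names() lists the host names clients asked for, which is about as far as dissection of TLS goes without the session keys; the record payloads after the handshake stay opaque.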