

What is the syntax of ssldump to decrypt an SSL trace?
/ca/ssl/bin/ssldump -r filename.pcap -k private_key -n -d > file
 
OPTIONS

-a

Print bare TCP ACKs (useful for observing Nagle behavior)

-A

Print all record fields (by default ssldump chooses the most interesting fields)

-d

Display the application data traffic. This usually means decrypting it, but when -d is used ssldump will also decode application data traffic _before_ the SSL session initiates. This allows you to see HTTPS CONNECT behavior as well as SMTP STARTTLS. As a side effect, since ssldump can't tell whether plaintext is traffic before the initiation of an SSL connection or just a regular TCP connection, this allows you to use ssldump to sniff any TCP connection. ssldump will automatically detect ASCII data and display it directly to the screen. Non-ASCII data is displayed as hex dumps. See also -X.

-e

Print absolute timestamps instead of relative timestamps

-r

Read data from file instead of from the network. The old -f option still works but is deprecated and will probably be removed with the next version.

-H

Print the full SSL packet header.

-k

Use keyfile as the location of the SSL keyfile (OpenSSL format). Previous versions of ssldump automatically looked in ./server.pem. Now you must specify your keyfile every time.

-n

Don't try to resolve host names from IP addresses

-N

Attempt to parse ASN.1 when it appears, such as in certificates and DNs.

-p

Use password as the SSL keyfile password.

-P

Don't put the interface into promiscuous mode.

-q

Don't decode any record fields beyond a single summary line. (quiet mode).

-x

Print each record in hex, as well as decoding it.

-X

When the -d option is used, binary data is automatically printed in two columns with a hex dump on the left and the printable characters on the right. -X suppresses the display of the printable characters, thus making it easier to cut and paste the hex data into some other program.

-y

Decorate the output for processing with troff. Not very useful for the average user.
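
The decrypt command at the top of this page reads a server private key and writes plaintext application data to a file, so both files need care. The wrapper below is an added example, not part of the original page or of ssldump: it checks the capture and keyfile before running the same -r/-k/-n/-d invocation and creates the output owner-only. The function name ssldump_decrypt and the SSLDUMP variable are hypothetical.

```sh
#!/bin/sh
# Added example: preflight checks around "ssldump -r ... -k ... -n -d > file".
# ssldump_decrypt and SSLDUMP are hypothetical names, not part of ssldump.
# A server private key can only decrypt sessions that used RSA key exchange;
# sessions negotiated with (EC)DHE cannot be decrypted this way.

ssldump_decrypt() {
    [ $# -eq 3 ] || {
        echo "usage: ssldump_decrypt capture.pcap keyfile outfile" >&2
        return 2
    }
    pcap=$1 key=$2 out=$3
    bin=${SSLDUMP:-ssldump}     # e.g. SSLDUMP=/ca/ssl/bin/ssldump

    [ -r "$pcap" ] || { echo "cannot read capture: $pcap" >&2; return 3; }
    [ -r "$key" ]  || { echo "cannot read keyfile: $key" >&2; return 4; }

    # -k expects an OpenSSL-format (PEM) private key.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" || {
        echo "no PEM private key found in $key" >&2
        return 5
    }

    # Refuse a keyfile that group or others can access
    # (characters 5-10 of the ls -l mode string).
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "keyfile is accessible to group/others; chmod 600 $key" >&2
        return 6
    }

    # The output holds decrypted application data: create it owner-only.
    # (A file that already exists keeps its previous mode.)
    # -r read capture, -k keyfile, -n no name resolution, -d application data.
    ( umask 077 && "$bin" -r "$pcap" -k "$key" -n -d > "$out" )
}
```

If the keyfile is password-protected, -p takes the password as a command-line argument, where it is visible to other local users in the process list while ssldump runs.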