Search:     Advanced search
Browse by category:
Glossary | Ask question



What is the syntax of ssldump to decrypt an SSL trace?
Add comment
Views: 317
Votes: 0
Comments: 0
/ ca/ssl/bin/ssldump -r filename.pcap -k private_key -n -d > file
 
OPTIONS

-a

Print bare TCP ACKs (useful for observing Nagle behavior)

-A

Print all record fields (by default ssldump chooses the most interesting fields)

-d

Display the application data traffic. This usually means decrypting it, but when -d is used ssldump will also decode application data traffic _before_ the SSL session initiates. This allows you to see HTTPS CONNECT behavior as well as SMTP STARTTLS. As a side effect, since ssldump can't tell whether plaintext is traffic before the initiation of an SSL connection or just a regular TCP connection, this allows you to use ssldump to sniff any TCP connection. ssldump will automatically detect ASCII data and display it directly to the screen. non-ASCII data is displayed as hex dumps. See also -X.

-e

Print absolute timestamps instead of relative timestamps

-r

Read data from file instead of from the network. The old -f option still works but is deprecated and will probably be removed with the next version. -H Print the full SSL packet header.

-k

Use keyfile as the location of the SSL keyfile (OpenSSL format) Previous versions of ssldump automatically looked in ./server.pem. Now you must specify your keyfile every time.

-n

Don't try to resolve host names from IP addresses

-N

Attempt to parse ASN.1 when it appears, such as in certificates and DNs.

-p

Use password as the SSL keyfile password.

-P

Don't put the interface into promiscuous mode.

-q

Don't decode any record fields beyond a single summary line. (quiet mode).

-x

Print each record in hex, as well as decoding it.

-X

When the -d option is used, binary data is automatically printed in two columns with a hex dump on the left and the printable characters on the right. -X suppresses the display of the printable characters, thus making it easier to cut and paste the hext data into some other program. -y Decorate the output for processing with troff. Not very useful for the average user.

 
 


Other questions in this category
How to download corefile(s)?
What is the max number of Syslog servers Array support on the SPX
What is the max number of SNMP servers Array support on the SPX
What is the syntax of ssldump to collect a clear text SSL trace?
What are the commands that will not sync either by SSF or Synconfig?
How to collect the debug snapshot all?
How to collect debug snapshot and traces?
How does the SPX send SNMP trap?
What are the steps for password recovery of APV/AG/ASF Appliance?
How to Decrypt Packet capture with Session keys?