-a |
Print bare TCP ACKs (useful for observing Nagle behavior)
-A |
Print all record fields (by default ssldump chooses the most interesting fields) |
-d |
Display the application data traffic. This usually means decrypting it, but when -d is used ssldump will also decode application data traffic _before_ the SSL session initiates. This allows you to see HTTPS CONNECT behavior as well as SMTP STARTTLS. As a side effect, since ssldump can't tell whether plaintext is traffic before the initiation of an SSL connection or just a regular TCP connection, this allows you to use ssldump to sniff any TCP connection. ssldump will automatically detect ASCII data and display it directly to the screen. non-ASCII data is displayed as hex dumps. See also -X. |
-e |
Print absolute timestamps instead of relative timestamps |
-r |
Read data from file instead of from the network. The old -f option still works but is deprecated and will probably be removed with the next version. -H Print the full SSL packet header. |
-k |
Use keyfile as the location of the SSL keyfile (OpenSSL format) Previous versions of ssldump automatically looked in ./server.pem. Now you must specify your keyfile every time. |
-n |
Don't try to resolve host names from IP addresses |
-N |
Attempt to parse ASN.1 when it appears, such as in certificates and DNs. |
-p |
Use password as the SSL keyfile password. |
-P |
Don't put the interface into promiscuous mode. |
-q |
Don't decode any record fields beyond a single summary line. (quiet mode). |
-x |
Print each record in hex, as well as decoding it. |
-X |
When the -d option is used, binary data is automatically printed in two columns with a hex dump on the left and the printable characters on the right. -X suppresses the display of the printable characters, thus making it easier to cut and paste the hext data into some other program. -y Decorate the output for processing with troff. Not very useful for the average user. |