If you have the server's certificate, Wireshark has the capability to decrypt SSL traffic captured with tcpdump, but you must have the certificate and the start of the TCP session.

On Sun, 8 Jul 2018, tcpdump-workers-requ...@lists.tcpdump.org wrote:


Today's Topics:

  1. Re: Packet capture of SSL traffic (Kaushal Shriyan)


----------------------------------------------------------------------

Message: 1
Date: Sun, 8 Jul 2018 10:53:40 +0530
From: Kaushal Shriyan <kaushalshri...@gmail.com>
To: g...@alum.mit.edu
Cc: tcpdump-workers@lists.tcpdump.org
Subject: Re: [tcpdump-workers] Packet capture of SSL traffic
Message-ID:
        <cad7ssm87j8sfkpc6hxh+o3i8m0dtgolzfzgjunwqrzudozy...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"

Thanks, Guy Harris, for the explanation. Are there any tools which can decrypt
SSL traffic once I do the packet capture of SSL traffic using tcpdump?

I look forward to hearing from you.

Best Regards,

Kaushal

On Sat, Jul 7, 2018 at 6:23 AM Guy Harris <g...@alum.mit.edu> wrote:

On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan <kaushalshri...@gmail.com> wrote:

> Is there a way to run tcpdump to do packet capture on SSL traffic?

Yes.  Plug the machine running tcpdump into a network on which SSL traffic
is being sent, in a fashion that allows it to see that traffic (bearing in
mind, for example, that capturing third-party traffic on a switched network
may be difficult or impossible), and run tcpdump, with the -w flag, so that
it saves the traffic to a file, and either with no filter or with a filter
that matches the SSL traffic.

If you mean "is there a way to run tcpdump so that it can *dissect* SSL
traffic", rather than just being able to put undissected raw packet
contents, including SSL packets, into a file to be read by another program,
the answer is "no" - tcpdump doesn't currently include the ability to
decrypt SSL traffic.

(I.e., there's more to being able to analyze traffic than just being able
to capture it....)


------------------------------

Subject: Digest Footer

_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers


------------------------------

End of tcpdump-workers Digest, Vol 72, Issue 3
**********************************************
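The reply at the top of this thread notes that Wireshark needs the start of the TCP session as well as the server's key material; a capture that starts mid-session will not decrypt. The following is an added example, not code from the thread or from tcpdump/Wireshark: it parses a classic pcap file of the kind `tcpdump -w` produces (assumed IPv4 over Ethernet, TLS on port 443) and lists client endpoints whose TLS ClientHello appears without a preceding SYN. The `build_frame` and `build_pcap` helpers construct a sample capture for testing and are assumptions, not tcpdump output.

```python
import struct

def parse_pcap(data):
    """Yield the frame bytes of each record in a classic (non-pcapng) pcap file."""
    endian = {b'\xd4\xc3\xb2\xa1': '<', b'\xa1\xb2\xc3\xd4': '>'}.get(data[:4])
    if endian is None:
        raise ValueError('not a classic pcap file')
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + 'I', data[offset + 8:offset + 12])[0]
        offset += 16  # record header: ts_sec, ts_usec, incl_len, orig_len
        yield data[offset:offset + incl_len]
        offset += incl_len

def tcp_fields(frame):
    """Return (src, sport, dst, dport, flags, payload) for IPv4/TCP over Ethernet, else None."""
    if len(frame) < 34 or frame[12:14] != b'\x08\x00' or frame[23] != 6:
        return None  # not IPv4, or IP protocol is not TCP (6)
    ihl = (frame[14] & 0x0f) * 4
    total = struct.unpack('!H', frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total]
    sport, dport = struct.unpack('!HH', tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return frame[26:30], sport, frame[30:34], dport, tcp[13], tcp[doff:]

def sessions_missing_start(pcap_bytes, tls_port=443):
    """List (client_ip, client_port, server_ip) whose ClientHello has no earlier SYN."""
    seen_syn, missing = set(), []
    for frame in parse_pcap(pcap_bytes):
        f = tcp_fields(frame)
        if f is None or f[3] != tls_port:
            continue
        src, sport, dst, _, flags, payload = f
        key = (src, sport, dst)
        if flags & 0x02:  # SYN flag: the start of the TCP session was captured
            seen_syn.add(key)
        # TLS record type 0x16 (handshake) carrying handshake type 0x01 (ClientHello)
        elif payload[:1] == b'\x16' and payload[5:6] == b'\x01' and key not in seen_syn:
            missing.append(key)
    return missing

def build_frame(src, sport, dst, dport, flags, payload=b''):
    # Constructed IPv4/TCP Ethernet frame for the sample capture (checksums left zero).
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 0, 0, 0x50, flags, 65535, 0, 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src, dst) + tcp
    return b'\x00' * 12 + b'\x08\x00' + ip

def build_pcap(frames):
    # Constructed little-endian classic pcap (linktype 1 = Ethernet) wrapping the frames.
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack('<IIII', 0, 0, len(f), len(f)) + f
    return out
```

Run `sessions_missing_start` over the file written by `tcpdump -w` before handing the capture and the server's key to Wireshark; any endpoint it lists was captured mid-session and that session will not decrypt.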