Re: [tcpdump-workers] Packet capture of SSL traffic
On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan wrote:

> Is there a way to run tcpdump to do packet capture on SSL traffic?

Yes. Plug the machine running tcpdump into a network on which SSL traffic is being sent, in a fashion that allows it to see that traffic (bearing in mind, for example, that capturing third-party traffic on a switched network may be difficult or impossible), and run tcpdump, with the -w flag, so that it saves the traffic to a file, and either with no filter or with a filter that matches the SSL traffic.

If you mean "is there a way to run tcpdump so that it can *dissect* SSL traffic", rather than just being able to put undissected raw packet contents, including SSL packets, into a file to be read by another program, the answer is "no" - tcpdump doesn't currently include the ability to decrypt SSL traffic.

(I.e., there's more to being able to analyze traffic than just being able to capture it)

___
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Re: [tcpdump-workers] Packet capture of SSL traffic
(Re-sending from my real e-mail address as opposed to my forwarding-for-life address, as the latter was causing issues and required moderation.)

On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan wrote:

> Is there a way to run tcpdump to do packet capture on SSL traffic?

Yes. Plug the machine running tcpdump into a network on which SSL traffic is being sent, in a fashion that allows it to see that traffic (bearing in mind, for example, that capturing third-party traffic on a switched network may be difficult or impossible), and run tcpdump, with the -w flag, so that it saves the traffic to a file, and either with no filter or with a filter that matches the SSL traffic.

If you mean "is there a way to run tcpdump so that it can *dissect* SSL traffic", rather than just being able to put undissected raw packet contents, including SSL packets, into a file to be read by another program, the answer is "no" - tcpdump doesn't currently include the ability to decrypt SSL traffic.

(I.e., there's more to being able to analyze traffic than just being able to capture it)
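Added example, not part of the original messages: a capture written with tcpdump -w keeps the SSL/TLS records undecrypted, and another program can read them back from the file. This Python sketch parses a classic pcap file and reports the cleartext TLS record header at the start of each TCP payload; the sample capture, addresses and function names are constructed for illustration, and it assumes Ethernet/IPv4 with no VLAN tag and does no TCP reassembly.

```python
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_sample_pcap():
    """Constructed sample: one Ethernet/IPv4/TCP frame to port 443 with a TLS handshake record."""
    tls = b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"   # type, version, length, 5 body bytes
    tcp = struct.pack("!HHIIBBHHH", 49152, 443, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(tls), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # checksum left 0
    frame = b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00" + ip + tcp + tls
    file_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    rec_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return file_hdr + rec_hdr + frame

def tls_records(pcap):
    """Return (sport, dport, record type, version hex, record length) per matching packet."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    found, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue                      # truncated by the snapshot length
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        # TLS record header is sent in the clear: type(1) version(2) length(2)
        if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3:
            found.append((sport, dport, TLS_TYPES[payload[0]],
                          payload[1:3].hex(), int.from_bytes(payload[3:5], "big")))
    return found

if __name__ == "__main__":
    for rec in tls_records(build_sample_pcap()):
        print(rec)
```

The record type, version and length are all such a reader can report; the record bodies remain encrypted in the capture file.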
Re: [tcpdump-workers] Packet capture of SSL traffic
Thanks, Guy Harris, for the explanation. Are there any tools which can decrypt SSL traffic once I do the packet capture of SSL traffic using tcpdump?

I look forward to hearing from you.

Best Regards,
Kaushal

On Sat, Jul 7, 2018 at 6:23 AM Guy Harris wrote:

> On Jul 5, 2018, at 11:18 AM, Kaushal Shriyan wrote:
>
> > Is there a way to run tcpdump to do packet capture on SSL traffic?
>
> Yes. Plug the machine running tcpdump into a network on which SSL traffic is being sent, in a fashion that allows it to see that traffic (bearing in mind, for example, that capturing third-party traffic on a switched network may be difficult or impossible), and run tcpdump, with the -w flag, so that it saves the traffic to a file, and either with no filter or with a filter that matches the SSL traffic.
>
> If you mean "is there a way to run tcpdump so that it can *dissect* SSL traffic", rather than just being able to put undissected raw packet contents, including SSL packets, into a file to be read by another program, the answer is "no" - tcpdump doesn't currently include the ability to decrypt SSL traffic.
>
> (I.e., there's more to being able to analyze traffic than just being able to capture it)
[tcpdump-workers] Packet capture of SSL traffic
Hi,

Is there a way to run tcpdump to do packet capture on SSL traffic?

Best Regards,
Kaushal