Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

2026-01-17T09:06:39Z

Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "

← Older revision		Revision as of 09:06, 17 January 2026
Line 1:		Line 1:
	[[Category:Wiki]]		[[Category:Wiki]]

			'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''


	== Basic Usage ==		== Basic Usage ==

Admin: Created page with "Category:Wiki == Basic Usage == The basic syntax of the `ssldump` command is as follows: ssldump [options] [host] [port] Here: * `host` specifies the target host. * `port` specifies the target port (default is 443 for HTTPS). == Commonly Used Options == * `-i `: Specifies the network interface to capture packets from (e.g., `eth0`, `wlan0`). * `-A`: Print all available SSL/TLS protocol messages. * `-d`: Enable the display of decode..."

2025-12-14T07:34:10Z

Created page with "Category:Wiki == Basic Usage == The basic syntax of the `ssldump` command is as follows: <nowiki> ssldump [options] [host] [port]</nowiki> Here: * `host` specifies the target host. * `port` specifies the target port (default is 443 for HTTPS). == Commonly Used Options == * `-i <interface>`: Specifies the network interface to capture packets from (e.g., `eth0`, `wlan0`). * `-A`: Print all available SSL/TLS protocol messages. * `-d`: Enable the display of decode..."

New page

[[Category:Wiki]]

== Basic Usage ==

The basic syntax of the `ssldump` command is as follows:

<nowiki>
ssldump [options] [host] [port]</nowiki>

Here:
* `host` specifies the target host.
* `port` specifies the target port (default is 443 for HTTPS).

== Commonly Used Options ==

* `-i <interface>`: Specifies the network interface to capture packets from (e.g., `eth0`, `wlan0`).
* `-A`: Print all available SSL/TLS protocol messages.
* `-d`: Enable the display of decoded packets.
* `-r <file>`: Read traffic from a file instead of live capture.
* `-v`: Increase verbosity, providing more details about the handshake and packet exchanges.

== Example: Capture and Decode SSL Traffic ==

To capture and decode SSL traffic on the default HTTPS port (443) for a specific host, you can use the following command:

<nowiki>
ssldump -i eth0 -A host example.com</nowiki>

This command captures packets on the `eth0` interface, decodes SSL traffic, and displays all available protocol messages exchanged between the client and server for the host `example.com`.

== Example: Reading from a Packet Capture File ==

You can also read SSL/TLS traffic from a previously captured pcap file (e.g., using `tcpdump` or Wireshark) and analyze it using `ssldump`. The following command reads from the file `capture.pcap`:

<nowiki>
ssldump -r capture.pcap -A</nowiki>

This command processes the capture file `capture.pcap` and displays the SSL/TLS protocol messages.

== Example: Filter SSL Traffic by Host and Port ==

To filter the SSL/TLS traffic by a specific host and port, you can use the following command:

<nowiki>
ssldump -i eth0 -A host example.com and port 443</nowiki>

This command captures SSL/TLS traffic between the host `example.com` and port `443`.

== Example: Displaying Detailed SSL Handshake ==

For detailed analysis of the SSL/TLS handshake, including the cipher suites used, certificates exchanged, and session establishment, you can use the `-d` option:

<nowiki>
ssldump -i eth0 -d host example.com</nowiki>

This will display decoded SSL/TLS handshake messages and provide details such as certificate information, session keys, and cipher suites negotiated during the handshake.

== Example: Increase Verbosity ==

To increase the verbosity and show more detailed protocol information, use the `-v` option:

<nowiki>
ssldump -i eth0 -v host example.com</nowiki>

This command provides a more verbose output of SSL/TLS packets, including details on handshakes, alerts, and encrypted payloads.

== Example: Monitoring SSL/TLS Session with Specific Server Certificate ==

To filter SSL/TLS sessions by a specific server certificate, you can use the `-c` option, which filters traffic by the certificate's Common Name (CN):

<nowiki>
ssldump -i eth0 -A -c "example.com"</nowiki>

This command captures and decrypts SSL/TLS traffic involving a server whose certificate has the CN `example.com`.

== Example: Saving Output to a File ==

To save the output of the `ssldump` command to a file, you can redirect the output using `>`:

<nowiki>
ssldump -i eth0 -A host example.com > output.txt</nowiki>

This command will capture SSL/TLS traffic for `example.com` and save the decoded messages to the file `output.txt`.

== Example: SSL Debugging for Specific Protocol Versions ==

You can also filter SSL/TLS sessions by specifying the SSL/TLS version you are interested in. To focus on a specific version (e.g., TLSv1.2), use the `-v` flag along with the desired version:

<nowiki>
ssldump -i eth0 -A -v TLSv1.2 host example.com</nowiki>

This command will capture SSL/TLS traffic only for sessions using TLSv1.2.

== Example: Detailed SSL/TLS Alert Messages ==

To specifically display SSL/TLS alert messages, use the `-a` option to focus on alerts:

<nowiki>
ssldump -i eth0 -A -a host example.com</nowiki>

This command filters out everything except SSL/TLS alert messages, providing detailed insights into any alerts or errors during the SSL/TLS session.

== Additional Notes ==

* SSldump relies on raw packet capture to decrypt and interpret SSL/TLS traffic. This means that you need to capture traffic at a point where the SSL/TLS handshake occurs.
* `ssldump` requires root or superuser privileges to capture packets on network interfaces (e.g., using `sudo`).
* While `ssldump` can decrypt SSL/TLS sessions, it cannot decrypt traffic that uses perfect forward secrecy (PFS) unless you have access to the private key or session keys.
* The tool supports several SSL/TLS versions, including SSLv2, SSLv3, and TLSv1.x, but its ability to decode these protocols depends on the version of `ssldump` and its compatibility with the protocols being used.

== Troubleshooting ==

* If `ssldump` fails to capture or decode traffic, ensure that the correct network interface is specified using the `-i` option.
* Ensure that SSL/TLS handshakes are visible in the captured traffic; if the traffic is encrypted with Perfect Forward Secrecy (PFS), SSL/TLS session keys or certificates may be required for decryption.

SSLDUMP - Examples - Revision history

Admin: Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "