tcpdump to filter ssl packets

networking ssl sniffing tcpdump
Pass picture Pass · Nov 22, 2011 · Viewed 13.7k times · Source

I need to filter out all SSL packets using tcpdump. I know that only the first packet can be recognized as being ssl. Is it possible to match against the first packet and then filter out the rest of the SSL stream?

Answer

Stellarator picture Stellarator · Nov 27, 2011

You can filter a tcp stream in tcpdump too, this site explains how to use tcpdump in this way, I hope it helps: tcpdump.org/tcpdump_man.html

You will have to tweak it a bit, but it should work.

Also, there is a dedicated SSL_DUMP utility

Related questions

Capture only ssl handshake with tcpdump

I have a server to which many clients connect using SSL. Recently I'm observing SSL handshake errors in the server logs (ex SSL MAC error). The error itself is not important, but I want to see why some clients are …

Read More
How do you decrypt SSH .pcap file that uses Diffie Hellman encryption. With public and private keys

How do you decrypt SSH .pcap file that uses Diffie Hellman encryption. With public and private keys. We are trying through Wireshark with no luck.

Read More
How to create a secured TCP connection via TLS v.1.2 in Java

I want to create commnicate between two systems via TLS v1.2. The information it contains is confidential. I want to avoid an https web service call and diectly want to perform message exchange at the TCP layer. Can you suggest …

Read More