Overview
I was interested in figuring out the time taken for an HTTP SSL handshake and the following file download time, and after a discussion with colleagues decided to use ssldump.
Usage
The ssldump utility can either read a capture file written by tcpdump or listen live on a particular interface. Some examples follow:
Listen on the Loopback interface “lo”:
    ssldump -i lo
Note that this is what you might need to do if the client and server are on the same machine.
Listen on a particular interface:
    ssldump -i eth0
It can also read a capture file generated by tcpdump (here tcp1 is the file that was written by tcpdump):
    ssldump -r tcp1
However, if running ssldump on network traffic captured with tcpdump leads to an “ERROR: Length mismatch” message, then the packet capture size needs to be increased. This is what I did for a quick check:
    tcpdump -nnvvXSs 0 -w tcp1
This writes the capture to the file tcp1.
Here the value “0” is associated with the “snaplen” (-s) argument and it implies that we “use the required length to catch whole packets” (from the man page of tcpdump).
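To get from ssldump output to the handshake and download times mentioned in the overview, the record lines can be parsed for their timestamps. The following is an added example, not part of the original post: the function name `timings` and the sample text are assumptions made here, with the sample constructed to follow ssldump's record-line layout (connection number, record number, seconds since connection start, delta, direction, record type).

```python
import re
from collections import defaultdict

# ssldump record line: conn#, optional record#, seconds since connection
# start, (delta since previous record), direction, record type.
RECORD = re.compile(
    r"^(\d+)\s+(?:\d+\s+)?(\d+\.\d+)\s+\(\d+\.\d+\)\s+[CS]>[CS]\s+(.+?)\s*$")

# Constructed sample of `ssldump -r tcp1` output (not a real capture).
SAMPLE = """\
New TCP connection #1: localhost(51234) <-> localhost(443)
1 1  0.0021 (0.0021)  C>S  Handshake
      ClientHello
1 2  0.0150 (0.0129)  S>C  Handshake
      ServerHello
1 3  0.0301 (0.0151)  C>S  Handshake
      ClientKeyExchange
1 4  0.0301 (0.0000)  C>S  ChangeCipherSpec
1 5  0.0301 (0.0000)  C>S  Handshake
1 6  0.0412 (0.0111)  S>C  ChangeCipherSpec
1 7  0.0412 (0.0000)  S>C  Handshake
1 8  0.0450 (0.0038)  C>S  application_data
1 9  0.5120 (0.4670)  S>C  application_data
1    0.5130 (0.0010)  S>C  TCP FIN
"""

def timings(text):
    """Return {conn: (handshake_seconds, transfer_seconds or None)}."""
    hs, app = defaultdict(list), defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # banner or indented message detail
        conn, ts, rtype = int(m.group(1)), float(m.group(2)), m.group(3)
        if rtype == "application_data":
            app[conn].append(ts)
        elif rtype.startswith("Handshake") and not app[conn]:
            hs[conn].append(ts)  # ignore renegotiation after data starts
    result = {}
    for conn, stamps in hs.items():
        handshake = round(stamps[-1] - stamps[0], 4)
        transfer = round(app[conn][-1] - stamps[-1], 4) if app[conn] else None
        result[conn] = (handshake, transfer)
    return result

if __name__ == "__main__":
    for conn, (handshake, transfer) in timings(SAMPLE).items():
        print(f"conn {conn}: handshake {handshake}s, transfer {transfer}s")
```

Here the handshake time runs from the first to the last Handshake record seen before any application data, and the transfer time runs from the end of the handshake to the last application_data record, so it covers both the request and the response.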
References:
For ssldump troubleshooting, please refer to: