TCPDUMP and SSLDUMP

Overview

I was interested in figuring out the time taken for a HTTP SSL handshake and the following file download time and after a discussion with colleagues decided in utilizing ssldump.

Usage

The ssldump utility can either read the output of tcpdump or could simply be set to listen on a particular interface as well. Some examples follow:

Listen on the Loopback interface  “lo”:

Note that if the client and server are on the same machine then this is what you might need to do.

Listen on a particular interface:

It could also read the generated output of tcpdump:

However if you have network traffic captured as a result of running tcpdump and running ssldump on it leads to “ERRORLength mismatch” message, then one needs to increase the packet capture size. This is what I did for a quick check:

Here the value “0” is assocated with the “snarflen” (-s) argument and it implies that we “use the required length to catch whole packets” (from the man page of tcpdump).

References:

For ssldump troubleshooting, please refer to:

http://ssldump.sourceforge.net/TROUBLESHOOTING

Leave a Reply

Your email address will not be published. Required fields are marked *

     

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">