Description: Ssldump is a network protocol analyzer specialised for SSLv3/TLS. Its main purpose is to identify TCP connections on the selected network interface and interpret them as SSLv3/TLS traffic. It decodes the SSLv3/TLS records and displays them in text form. In some situations it can also decrypt the connections and display the application-data traffic.
Unlike tcpdump, this tool needs to see both sides of the data transmission, so there may be some trouble using it with network taps. Root access is needed to run this tool.
This video gives a detailed explanation of how to use this tool.
Syntax:
ssldump -i eth0 port 443
Output looks like:
3 1 0.0738 (0.0738) C>S Handshake ClientHello
3 2 0.0743 (0.0004) S>C Handshake ServerHello
3 3 0.0743 (0.0000) S>C Handshake Certificate
3 4 0.0743 (0.0000) S>C Handshake ServerHelloDone
3 5 0.0866 (0.0123) C>S Handshake ClientKeyExchange
3 6 0.0866 (0.0000) C>S ChangeCipherSpec
3 7 0.0866 (0.0000) C>S Handshake Finished
3 8 0.0909 (0.0043) S>C ChangeCipherSpec
3 9 0.0909 (0.0000) S>C Handshake Finished
3 10 1.8652 (1.7742) C>S application_data
3 11 2.7539 (0.8887) C>S application_data
3 12 5.1861 (2.4321) C>S Alert warning close_notify
3 5.1868 (0.0007) C>S TCP FIN
3 5.1893 (0.0024) S>C TCP FIN
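The sample output above follows one layout per line: connection id, record number (absent on TCP-level lines such as the two FINs), absolute time in seconds, the delta to the previous record in parentheses, the direction (C>S or S>C) and a description of the record. The parser below is an added example, not part of the page or of ssldump itself; the column interpretation is an assumption drawn from the sample above, and it covers only these summary lines, not the verbose or decrypted output ssldump can also print. It reads the page's own sample output, then produces a per-connection summary of the kind a defender would want from a capture: how long the handshake took, how many application-data records were exchanged, and whether the session ended with a close_notify alert before the TCP FINs rather than being cut off.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ssldump summary line (assumed layout, taken from the page's sample):
#   <conn> [<rec>] <abs_time> (<delta>) <dir> <description>
LINE_RE = re.compile(
    r"^\s*(?P<conn>\d+)\s+(?:(?P<rec>\d+)\s+)?(?P<abs>\d+\.\d+)\s+"
    r"\((?P<delta>\d+\.\d+)\)\s+(?P<dir>[CS]>[CS])\s+(?P<desc>.+?)\s*$"
)

# The page's sample output, embedded verbatim as the input for this example.
SAMPLE = """
3 1 0.0738 (0.0738) C>S Handshake ClientHello
3 2 0.0743 (0.0004) S>C Handshake ServerHello
3 3 0.0743 (0.0000) S>C Handshake Certificate
3 4 0.0743 (0.0000) S>C Handshake ServerHelloDone
3 5 0.0866 (0.0123) C>S Handshake ClientKeyExchange
3 6 0.0866 (0.0000) C>S ChangeCipherSpec
3 7 0.0866 (0.0000) C>S Handshake Finished
3 8 0.0909 (0.0043) S>C ChangeCipherSpec
3 9 0.0909 (0.0000) S>C Handshake Finished
3 10 1.8652 (1.7742) C>S application_data
3 11 2.7539 (0.8887) C>S application_data
3 12 5.1861 (2.4321) C>S Alert warning close_notify
3 5.1868 (0.0007) C>S TCP FIN
3 5.1893 (0.0024) S>C TCP FIN
"""


@dataclass
class Record:
    conn: int
    rec: Optional[int]      # None for TCP-level lines such as "TCP FIN"
    abs_time: float
    delta: float
    direction: str          # "C>S" or "S>C"
    desc: str


def parse_line(line: str) -> Optional[Record]:
    """Parse one summary line; return None for lines that do not fit the layout."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Record(
        conn=int(m["conn"]),
        rec=int(m["rec"]) if m["rec"] else None,
        abs_time=float(m["abs"]),
        delta=float(m["delta"]),
        direction=m["dir"],
        desc=m["desc"],
    )


def parse_output(text: str) -> List[Record]:
    """Parse a whole ssldump summary, silently skipping non-record lines."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r is not None]


def handshake_duration(records: List[Record], conn: int) -> Optional[float]:
    """Seconds from the ClientHello to the server's Finished for one connection."""
    start = end = None
    for r in records:
        if r.conn != conn:
            continue
        if r.desc == "Handshake ClientHello" and start is None:
            start = r.abs_time
        elif r.desc == "Handshake Finished" and r.direction == "S>C":
            end = r.abs_time
    if start is None or end is None:
        return None
    return round(end - start, 4)


def summarize(records: List[Record]) -> Dict[int, dict]:
    """Per-connection view: handshake time, app-data records, orderly close or not."""
    out: Dict[int, dict] = {}
    for r in records:
        s = out.setdefault(r.conn, {"handshake_s": None, "app_data": 0,
                                    "close_notify": False, "fin": 0})
        if r.desc == "application_data":
            s["app_data"] += 1
        elif r.desc.startswith("Alert") and "close_notify" in r.desc:
            s["close_notify"] = True
        elif r.desc == "TCP FIN":
            s["fin"] += 1
    for conn, s in out.items():
        s["handshake_s"] = handshake_duration(records, conn)
        # A FIN without a preceding close_notify means the session was cut off,
        # not closed cleanly; worth flagging when reviewing captures.
        s["clean_close"] = s["close_notify"] and s["fin"] > 0
    return out


RECORDS = parse_output(SAMPLE)

if __name__ == "__main__":
    for conn, s in summarize(RECORDS).items():
        print(f"connection {conn}: {s}")
```

Piping a live run into the script (`ssldump -i eth0 port 443 | python3 summary.py`, with the loop changed to read stdin) gives the same per-connection view as traffic arrives; the regex is deliberately strict so that any decrypted payload or verbose detail lines are skipped rather than misread as records.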
Source : livehacking from Youtube
Tags: SSLDump
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Similar to tcpdump, but it is special for SSL.
ssldump works on FreeBSD, Linux, Solaris, and HP/UX but should work on any platform with pcap.
Output format for traffic analysis is plain text.
For live monitoring of the network this tool is good.
I think the best tool for capturing traffic is Wireshark.