On 02/25/2016 08:25 PM, Robert Citek wrote:
> On Thu, Feb 25, 2016 at 7:04 PM, Louis Kowolowski
> wrote:
>> I don’t know if browsers support a local file for a proxy.pac or not. That
>> would be the first thing I would investigate.
>
> That's what I was not (and still am not) sure of. However, t
On Thu, Feb 25, 2016 at 7:04 PM, Louis Kowolowski
wrote:
> I don’t know if browsers support a local file for a proxy.pac or not. That
> would be the first thing I would investigate.
That's what I was not (and still am not) sure of. However, the site
that I originally referenced did have this to
I may be able to wrangle an agreement to install ssldump.
Life will be easier if I can get it done with tcpdump.
The goal is to capture the SSL handshake packets and then
check for which devices are not using approved cipher suites.
A make my life really easy solution would spit out the IP add
Hi there,
>I have a group of systems that I need to monitor for use of
>approved SSL cipher suites. Wireshark is not available on them.
>tcpdump is the tool I need to use.
>Do you know, or know someone who would know, how to construct a
>tcpdump filter that matches only packets for the SSL han
On Thu, Feb 25, 2016 at 07:15:50PM -0600, Louis Kowolowski wrote:
> From the link you posted:
>
> tcpdump -i any -s 1500 '(tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and
> (tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)'
>
> This captures the SSL handshake (0x16), and the hello (0x01). Seems
> reasonab
I don’t know if browsers support a local file for a proxy.pac or not. That
would be the first thing I would investigate.
> On Feb 25, 2016, at 8:48 PM, Robert Citek wrote:
>
> On Thu, Feb 25, 2016 at 1:14 AM, Louis Kowolowski
> wrote:
>> I’m making some assumptions here, and if they’re not tr
On Thu, Feb 25, 2016 at 1:14 AM, Louis Kowolowski
wrote:
> I’m making some assumptions here, and if they’re not true, you can either
> correct me, or if the functionality I describe is what you want, take a look
> at https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/ where I detail
> h
From the link you posted:
tcpdump -i any -s 1500 '(tcp[((tcp[12:1] & 0xf0) >> 2)+5:1] = 0x01) and
(tcp[((tcp[12:1] & 0xf0) >> 2):1] = 0x16)'
This captures the SSL handshake (0x16), and the hello (0x01). Seems reasonable
that you could delete the expression for hello and end up with:
tcpdump -i a
On Thu, Feb 25, 2016 at 04:24:34PM -0800, Ishak Micheil wrote:
> Jim Hassing knows.
No he doesn't. We've already chatted about it.
For those of you scratching your heads over that exchange, Jim, Ishak, and I
share a common employer.
> On Feb 25, 2016 16:11, "Michael Rasmussen" wrote:
>
> > I
Jim Hassing knows.
On Feb 25, 2016 16:11, "Michael Rasmussen" wrote:
> I have a group of systems that I need to monitor for use of approved SSL
> cipher suites.
> Wireshark is not available on them. tcpdump is the tool I need to use.
>
> Do you know, or know someone who would know, how to contruc
Shameless Promotion Alert:
The best person I know to answer that is Mike Pennacchi, who is teaching
"Deep Packet Inspection" at CasITConf next month.
http://casitconf.org/casitconf16/tutorials/
On Thu, Feb 25, 2016 at 4:11 PM Michael Rasmussen
wrote:
> I have a group of systems that I need to m
I have a group of systems that I need to monitor for use of approved SSL cipher
suites.
Wireshark is not available on them. tcpdump is the tool I need to use.
Do you know, or know someone who would know, how to construct a tcpdump filter
that matches
only packets for the SSL handshake?
Due to th
I’m making some assumptions here, and if they’re not true, you can either
correct me, or if the functionality I describe is what you want, take a look at
https://www.cryptomonkeys.com/2014/07/automatic-http-proxy/ where I detail how
to set this up.
Presumably you have:
a) a web server that is p