ANNOUNCE: ssldump-0.9b1

Eric Rescorla Thu, 09 Nov 2000 13:27:37 -0800
ANNOUNCE: ssldump: an SSL protocol analyzer
Version 0.9b1

http://www.rtfm.com/ssldump/

RTFM, Inc. is pleased to announce the availability of ssldump 0.9b1.
ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP
connections on the chosen network interface and attempts to interpret
them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it
decodes the records and displays them in a textual form to stdout. If
linked with OpenSSL and provided with the appropriate keying material,
it will also decrypt the connections and display the application data
traffic.

ssldump is completely passive and thus allows you to analyze systems
without interfering with them. You can also use it to read stored
traffic collected with tcpdump. 

This release is version 0.9b1. The code quality is considered to be
early Beta. It's been extensively tested internally and I've
collected and integrated the first round of feedback. ssldump has
now been tested on FreeBSD, Solaris, HP/UX, and Linux. It uses
autoconf and should be portable to most Unix-based systems.

CHANGES
Since 0.9a2, the following things have changed
      Ported to Linux, Solaris, and HP/UX. 
      Added decoding of printable characters when printing hex data. 
      Man page cleanups 
      Assorted other printing cleanups 

SAMPLE OUTPUT
Here's a sample of ssldump output in quiet mode:
New TCP connection #1: iromeo.rtfm.com(2539) <-> sr1.rtfm.com(4433)
1 1  0.0828 (0.0828)  C>S SSLv2 compatible client hello
1 2  1.0378 (0.9549)  S>C  Handshake      ServerHello
1 3  1.5707 (0.5329)  S>C  Handshake      Certificate
1 4  2.0859 (0.5152)  S>C  Handshake      ServerHelloDone
1 5  2.1256 (0.0396)  C>S  Handshake      ClientKeyExchange
1 6  2.1256 (0.0000)  C>S  ChangeCipherSpec
1 7  2.1256 (0.0000)  C>S  Handshake
1 8  7.7635 (5.6378)  S>C  ChangeCipherSpec
1 9  9.3182 (1.5547)  S>C  Handshake
1    18.1578 (8.8395)  C>S  TCP FIN
1    19.2500 (1.0922)  S>C  TCP FIN

And a message decoded in verbose mode:
1 2  1.0378 (0.9549)  S>CV3.0(74)  Handshake
      ServerHello
        Version 3.0 
        random[32]=
          39 e7 7b be 44 ce 48 94 d8 00 de 98 
          54 42 43 0d 28 72 87 2d b0 95 5c d6 
          2a c8 24 f2 d4 b2 88 21 
        session_id[32]=
          47 26 45 c9 ee 4f 66 56 88 c8 92 53 
          0d 84 2b eb 36 ac 44 ee c0 05 c8 dc 
          6c ed db 8e 1f bc ff fa 
        cipherSuite                   TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compressionMethod                   NULL

ssldump also provides a variety of flags for controlling the output
at a finer level of granularity.

ssldump is released under a BSD-style license and is available
from 
        http://www.rtfm.com/ssldump

-Ekr
ANNOUNCE: ssldump-0.9b1

Reply via email to
