
ssldump

ssldump is an SSLv3/TLS network protocol analyzer that dumps and analyzes network traffic for SSLv3/TLS connections. It decodes the traffic and, with appropriate keying material, decrypts and displays application data.

Description

This program captures traffic on a network and specifically analyzes it for SSLv3/TLS network traffic, which is typically used to secure TCP connections. When SSL/TLS traffic is identified, ssldump decodes it. If provided with the appropriate keying material, it can decrypt the connections to reveal the underlying application data traffic.

ssldump is based on tcpdump, a well-known network monitoring and data acquisition tool, making it suitable for security professionals needing to inspect encrypted communications. It helps in debugging SSL/TLS issues, analyzing encrypted protocols, and examining application data within secure connections.

Use cases include network troubleshooting, security analysis of encrypted traffic, and forensic investigation of SSL/TLS sessions on monitored networks.

How It Works

ssldump operates by capturing network packets, similar to tcpdump, and filtering for the SSLv3/TLS protocols used to secure TCP connections. It identifies and decodes SSL/TLS handshakes and records. When supplied with keying material, via the -k keyfile option or the -l SSL keylog file option, it performs decryption to expose the application-layer data within the encrypted sessions.
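The keying material an SSL keylog file supplies is matched to a session by the client random of the ClientHello. The following added example (not ssldump's own code) parses a constructed keylog file in the NSS key log format that the -l option reads, pulls the client random out of a constructed TLS record carrying a ClientHello, and looks up the matching secret; the record bytes and keylog lines are constructed for illustration.

```python
import re
# NSS key log format (what ssldump -l reads): <LABEL> <client_random hex> <secret hex>
KEYLOG_LINE = re.compile(r"^(\S+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")

def parse_keylog(text):
    """Return {(label, client_random): secret}; blank and '#' lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEYLOG_LINE.match(line)
        if m is None:
            raise ValueError(f"malformed keylog line: {line!r}")
        label, rnd, secret = m.groups()
        entries[(label, bytes.fromhex(rnd))] = bytes.fromhex(secret)
    return entries

def client_random_from_record(record):
    """32-byte client random from a TLS record carrying a ClientHello.
    Layout: type(1) ver(2) len(2) | hs type(1) hs len(3) ver(2) random(32) ..."""
    if len(record) < 43:
        raise ValueError("record too short for a ClientHello")
    if record[0] != 0x16:  # ContentType.handshake
        raise ValueError("not a handshake record")
    if int.from_bytes(record[3:5], "big") != len(record) - 5:
        raise ValueError("record length field does not match payload")
    if record[5] != 0x01:  # HandshakeType.client_hello
        raise ValueError("not a ClientHello")
    return record[11:43]

def lookup_secret(keylog, record, label="CLIENT_RANDOM"):
    """Secret for the session that sent `record`, or None if the keylog lacks it."""
    return keylog.get((label, client_random_from_record(record)))

# Constructed sample: TLS 1.2 ClientHello with random 0x11*32, empty session id,
# one cipher suite (TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), null compression, no extensions.
CLIENT_RANDOM = bytes([0x11]) * 32
_body = b"\x03\x03" + CLIENT_RANDOM + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
_hs = b"\x01" + len(_body).to_bytes(3, "big") + _body
SAMPLE_RECORD = b"\x16\x03\x01" + len(_hs).to_bytes(2, "big") + _hs

# Constructed keylog: one line matches the sample session, one belongs to another.
SAMPLE_KEYLOG = ("# constructed SSLKEYLOGFILE\n"
                 "CLIENT_RANDOM " + CLIENT_RANDOM.hex() + " " + "ab" * 48 + "\n"
                 "CLIENT_RANDOM " + "22" * 32 + " " + "cd" * 48 + "\n")

if __name__ == "__main__":
    print("secret found:", lookup_secret(parse_keylog(SAMPLE_KEYLOG), SAMPLE_RECORD) is not None)
```

TLS 1.3 sessions use per-direction labels such as CLIENT_TRAFFIC_SECRET_0 instead of CLIENT_RANDOM, which is why the lookup takes the label as a parameter.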

Installation

```bash
sudo apt install ssldump
```

Flags

-r    Read packets from dumpfile
-i    Specify interface to listen on
-l    Use sslkeylogfile for keying material
-w    Write packets to outpcapfile
-k    Specify keyfile for decryption
-p    Provide password for keyfile
-v    Increase verbosity
-t    Time stamp packets
-a    ASCII dump of decrypted data
-T    TCP information
-z    Compress output
-n    No hostname resolution
-s    Snapshot length
-A    ASCII dump only
-x    Hex dump of records
-V    Verbose packet tracing
-N    No session resumption
-d    Describe handshakes
-e    Split handshakes and data

Examples

Displays the usage information and available options for ssldump:

```bash
ssldump --help
```

Reads and analyzes SSL/TLS traffic from a previously captured dumpfile:

```bash
ssldump -r dumpfile
```

Dumps SSL/TLS traffic from the specified network interface:

```bash
ssldump -i interface
```

Uses an SSL keylog file for decrypting captured SSL/TLS sessions:

```bash
ssldump -l sslkeylogfile
```

Captures SSL/TLS traffic and writes it to an output pcap file:

```bash
ssldump -w outpcapfile
```

Decrypts SSL/TLS traffic using a keyfile protected by a password:

```bash
ssldump -k keyfile -p password
```

Runs ssldump verbosely with a packet filter expression:

```bash
ssldump -v filter
```
Updated 2026-04-16. Source: kali.org