Is there a way to snoop (on Solaris) SSL headers ( I don't actually need to capture SSL data ) so that I can ensure SSL is not blocked by any firewalls before entering my server.
Asked
Active
Viewed 604 times
2 Answers
1
In real-time? If not, then you could just use tcpdump to a file and then copy the resulting file locally where you can view it with something like Wireshark.
Or you could just use tcpdump -X ... or tcpdump -A ... to see the actual live packets (it won't decode the SSL header fields.
There is also a command-line tool called ssldump which can capture the headers (and more, if you supply it the keying material, but that seems out of scope for what you require).
Cameron Kerr
- 3,919
- 18
- 24
-
hi thanks. Yes, real time if possible. the thing is, we could not install tcpdump/ssldump. thanks for reply. – dorothy Sep 22 '14 at 10:56
1
Just use openssl:
openssl s_client -host yourhost -port yourport
for example
openssl s_client -host webserver -port 443
This requires no changes on the server you are trying to connect to.
Felix Frank
- 3,063
- 1
- 15
- 22
tzctserv
- 11
- 1