TCPdump

From indicium
Revision as of 11:55, 18 February 2025 by Steffe

Basic capture

Typical usage to capture all traffic to or from a specific host (the host primitive matches both directions) and write the raw packets to a file. Put tcpdump's options before the filter expression; on Linux the order is permuted for you, but on BSD and macOS everything after the first non-option word is treated as part of the filter:

sudo tcpdump -w output.pcap host xxx.xxx.xxx.xxx

Add -i <interface> if the default interface is not the one the traffic crosses. With -w the packets are stored undecoded, so name resolution flags such as -n only matter when printing to the terminal.

TLS capture

If the traffic is encrypted with TLS, you may be able to recover the session keys by setting the SSLKEYLOGFILE environment variable when starting your client (or server) binary. This only works when the program's TLS library honours the variable: NSS (Firefox), Chromium, curl, and Python's ssl module (3.8 and later, through ssl.create_default_context()) do; plain OpenSSL and Go's crypto/tls only log keys if the application itself wires it up. The file is written by the endpoint, not by tcpdump, so you need to control one end of the connection:

SSLKEYLOGFILE=sslkeylogfile.log ./testapplication.py

If this produces a sslkeylogfile.log file, you can use it to decrypt the TLS traffic. Open Wireshark and go to Edit > Preferences > Protocols > TLS > (Pre)-Master-Secret log filename and point it at your sslkeylogfile.log. Then open your packet capture and the TLS payloads will be shown decrypted. Two things have to line up for this to work: the capture must contain the ClientHello of each session, because Wireshark matches log entries to sessions by the 32-byte client random, and the log must contain the secrets for those sessions (a single CLIENT_RANDOM line for TLS 1.2, the per-direction handshake and traffic secrets for TLS 1.3). The same preference is available on the command line as tshark -o tls.keylog_file:sslkeylogfile.log, and editcap --inject-secrets tls,sslkeylogfile.log can embed the keys into a pcapng so the capture and keys travel together.
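When Wireshark still shows "Encrypted Application Data" after the preference is set, the usual cause is that the log does not actually contain the secrets for the captured session. The script below, an added example that is not part of the original wiki page, parses a key log in the NSS format that SSLKEYLOGFILE produces, reports malformed or unknown lines, and tells you for a given client random whether TLS 1.2 or TLS 1.3 decryption should be possible. It also shows how to turn key logging on from inside a Python program when the environment variable is ignored. The function names (parse_keylog, decryption_status, keylogging_context) and the sample log are mine; the sample uses fixed byte patterns and is constructed, not taken from a real session.

```python
"""Sanity-check an SSLKEYLOGFILE before pointing Wireshark at it.

Added example, not part of the original wiki page. The sample log below is
constructed from fixed byte patterns, not taken from a real session.
"""
import re
import ssl
from collections import defaultdict

# Labels of the NSS key log format, mapped to accepted secret lengths in hex
# characters. TLS 1.2 logs one 48-byte master secret per session under
# CLIENT_RANDOM; TLS 1.3 logs several per-direction secrets whose length is
# the handshake hash size (32 bytes for SHA-256 suites, 48 for SHA-384).
# The legacy "RSA <8 bytes> <premaster>" format is deliberately not handled.
_TLS13_LEN = {64, 96}
KNOWN_LABELS = {
    "CLIENT_RANDOM": {96},
    "CLIENT_EARLY_TRAFFIC_SECRET": _TLS13_LEN,
    "EARLY_EXPORTER_SECRET": _TLS13_LEN,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET": _TLS13_LEN,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET": _TLS13_LEN,
    "CLIENT_TRAFFIC_SECRET_0": _TLS13_LEN,
    "SERVER_TRAFFIC_SECRET_0": _TLS13_LEN,
    "EXPORTER_SECRET": _TLS13_LEN,
}
_HEX = re.compile(r"^[0-9a-fA-F]+$")

# Constructed 32-byte client randoms for the sample sessions (assumed values).
R_TLS12 = "a1" * 32
R_TLS13 = "b2" * 32
R_BAD = "c3" * 32

SAMPLE_KEYLOG = "\n".join([
    "# constructed sample key log",
    f"CLIENT_RANDOM {R_TLS12} {'01' * 48}",
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {R_TLS13} {'02' * 32}",
    f"SERVER_HANDSHAKE_TRAFFIC_SECRET {R_TLS13} {'03' * 32}",
    f"CLIENT_TRAFFIC_SECRET_0 {R_TLS13} {'04' * 32}",
    f"SERVER_TRAFFIC_SECRET_0 {R_TLS13} {'05' * 32}",
    f"EXPORTER_SECRET {R_TLS13} {'06' * 32}",
    # Truncated secret, e.g. the process was killed mid-write.
    f"CLIENT_RANDOM {R_BAD} {'07' * 10}",
    # Label Wireshark does not know; the line is silently useless there.
    f"SOME_OTHER_LABEL {R_BAD} {'08' * 48}",
])


def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [problem descriptions]).

    Comment lines start with '#'. Every other line is 'LABEL random secret'.
    """
    sessions = defaultdict(dict)
    problems = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            problems.append(f"line {lineno}: expected 'LABEL client_random secret'")
            continue
        label, client_random, secret = parts
        expected = KNOWN_LABELS.get(label)
        if expected is None:
            problems.append(f"line {lineno}: unknown label {label}")
            continue
        if len(client_random) != 64 or not _HEX.match(client_random):
            problems.append(f"line {lineno}: client random is not 32 bytes of hex")
            continue
        if len(secret) not in expected or not _HEX.match(secret):
            problems.append(f"line {lineno}: {label} secret is {len(secret) // 2} bytes")
            continue
        sessions[client_random.lower()][label] = secret.lower()
    return dict(sessions), problems


def decryption_status(sessions, client_random):
    """Say what Wireshark can decrypt for the session with this client random."""
    secrets = sessions.get(client_random.lower())
    if not secrets:
        return "no secrets for this client random"
    if "CLIENT_RANDOM" in secrets:
        return "tls12: full"
    app = {"CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"} <= secrets.keys()
    handshake = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET",
                 "SERVER_HANDSHAKE_TRAFFIC_SECRET"} <= secrets.keys()
    if app and handshake:
        return "tls13: full"
    if app:
        return "tls13: application data only"
    return "tls13: handshake only"


def keylogging_context(path):
    """Client context that logs keys to `path` even if SSLKEYLOGFILE is ignored.

    This is what ssl.create_default_context() does itself when the variable
    is set. Needs Python 3.8+ built against OpenSSL 1.1.1 or newer.
    """
    ctx = ssl.create_default_context()
    ctx.keylog_filename = path
    return ctx


if __name__ == "__main__":
    found, issues = parse_keylog(SAMPLE_KEYLOG)
    for random_hex in (R_TLS12, R_TLS13, R_BAD):
        print(random_hex[:16] + "...", decryption_status(found, random_hex))
    for issue in issues:
        print("problem:", issue)
```

To use it against a real log, read the file, call parse_keylog, and look up the client random that Wireshark shows in the ClientHello's Random field (as hex without separators). A session that reports "tls13: application data only" will decrypt HTTP bodies but leave the encrypted part of the handshake (certificates, extensions) opaque.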