
Capturing SSL traffic with the Linux tcpdump command

How to capture SSL traffic with tcpdump

PacketCapture

# tcpdump -n port 443  -i any

# tcpdump -s0 -A -n port 443  -i any -w tmp.pac
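   -s0 removes the per-packet capture size limit.
   -A prints packets in ASCII (this affects printed output only; with -w the raw packets are written to the file).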

How to generate SSL traffic

# 


Example run

tcpdump -n port 443 -i any

  • The output shows that the web server side responds.

# tcpdump -n port 443  -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
01:11:53.655585 IP6 2408:212:762:d00:a00:27ff:fe15:777d.33542 > 2406:da14:add:902:3f7c:b216:b369:fbe8.https: Flags [S], seq 2400292556, win 28800, options [mss 1440,sackOK,TS val 2901586 ecr 0,nop,wscale 7], length 0
01:11:53.661415 IP6 2406:da14:add:902:3f7c:b216:b369:fbe8.https > 2408:212:762:d00:a00:27ff:fe15:777d.33542: Flags [R.], seq 0, ack 2400292557, win 0, length 0
01:11:53.661940 IP6 2408:212:762:d00:a00:27ff:fe15:777d.39098 > 2406:da14:add:901:8724:ee11:22e2:7254.https: Flags [S], seq 3130865487, win 28800, options [mss 1440,sackOK,TS val 2901592 ecr 0,nop,wscale 7], length 0
01:11:53.664115 IP6 2406:da14:add:901:8724:ee11:22e2:7254.https > 2408:212:762:d00:a00:27ff:fe15:777d.39098: Flags [R.], seq 0, ack 3130865488, win 0, length 0
01:11:53.664482 IP6 2408:212:762:d00:a00:27ff:fe15:777d.37242 > 2406:da14:add:900:fd1f:8050:919d:e92a.https: Flags [S], seq 4205253461, win 28800, options [mss 1440,sackOK,TS val 2901595 ecr 0,nop,wscale 7], length 0
01:11:53.666901 IP6 2406:da14:add:900:fd1f:8050:919d:e92a.https > 2408:212:762:d00:a00:27ff:fe15:777d.37242: Flags [R.], seq 0, ack 4205253462, win 0, length 0
01:11:53.667373 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [S], seq 2786097308, win 29200, options [mss 1460,sackOK,TS val 2901597 ecr 0,nop,wscale 7], length 0
01:11:53.673655 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [S.], seq 3657583550, ack 2786097309, win 26847, options [mss 1414,sackOK,TS val 60146486 ecr 2901597,nop,wscale 8], length 0
01:11:53.673726 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [.], ack 1, win 229, options [nop,nop,TS val 2901604 ecr 60146486], length 0
01:11:53.796420 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [P.], seq 1:184, ack 1, win 229, options [nop,nop,TS val 2901726 ecr 60146486], length 183
01:11:53.803186 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [.], ack 184, win 110, options [nop,nop,TS val 60146518 ecr 2901726], length 0
01:11:53.804588 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [P.], seq 1:5274, ack 184, win 110, options [nop,nop,TS val 60146519 ecr 2901726], length 5273
01:11:53.804630 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [.], ack 5274, win 311, options [nop,nop,TS val 2901735 ecr 60146519], length 0
01:11:53.817408 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [P.], seq 184:310, ack 5274, win 311, options [nop,nop,TS val 2901747 ecr 60146519], length 126
01:11:53.823969 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [P.], seq 5274:5325, ack 310, win 110, options [nop,nop,TS val 60146524 ecr 2901747], length 51
01:11:53.824371 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [P.], seq 310:413, ack 5325, win 311, options [nop,nop,TS val 2901754 ecr 60146524], length 103
01:11:53.872088 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [.], ack 413, win 110, options [nop,nop,TS val 60146536 ecr 2901754], length 0
01:11:53.941723 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [P.], seq 5325:6365, ack 413, win 110, options [nop,nop,TS val 60146553 ecr 2901754], length 1040
01:11:53.942945 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [P.], seq 413:444, ack 6365, win 333, options [nop,nop,TS val 2901873 ecr 60146553], length 31
01:11:53.943334 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [F.], seq 444, ack 6365, win 333, options [nop,nop,TS val 2901873 ecr 60146553], length 0
01:11:53.949482 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [.], ack 444, win 110, options [nop,nop,TS val 60146555 ecr 2901873], length 0
01:11:53.949560 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [F.], seq 6365, ack 444, win 110, options [nop,nop,TS val 60146555 ecr 2901873], length 0
01:11:53.949581 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [.], ack 6366, win 333, options [nop,nop,TS val 2901880 ecr 60146555], length 0
01:11:53.949631 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [.], ack 445, win 110, options [nop,nop,TS val 60146555 ecr 2901873], length 0
^C
24 packets captured
24 packets received by filter
0 packets dropped by kernel
#
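
As an added example (not part of the original page), the Python script below summarizes `tcpdump -n` text output per TCP flow, making the pattern in the run above explicit: an IPv6 attempt is answered with RST, while the IPv4 connection completes its handshake and exchanges data. The function name `summarize` and the abridged sample lines (options field trimmed) are choices made for this example.

```python
import re

# Lines abridged from the capture above (TCP options trimmed for brevity).
SAMPLE = """\
01:11:53.655585 IP6 2408:212:762:d00:a00:27ff:fe15:777d.33542 > 2406:da14:add:902:3f7c:b216:b369:fbe8.https: Flags [S], seq 2400292556, win 28800, length 0
01:11:53.661415 IP6 2406:da14:add:902:3f7c:b216:b369:fbe8.https > 2408:212:762:d00:a00:27ff:fe15:777d.33542: Flags [R.], seq 0, ack 2400292557, win 0, length 0
01:11:53.667373 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [S], seq 2786097308, win 29200, length 0
01:11:53.673655 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [S.], seq 3657583550, ack 2786097309, win 26847, length 0
01:11:53.796420 IP 192.168.0.22.47554 > 54.238.195.50.https: Flags [P.], seq 1:184, ack 1, win 229, length 183
01:11:53.804588 IP 54.238.195.50.https > 192.168.0.22.47554: Flags [P.], seq 1:5274, ack 184, win 110, length 5273
"""

# timestamp, IP/IP6, source, destination, flags, TCP payload length
LINE = re.compile(r"^\S+ IP6? (\S+) > (\S+): Flags \[([^\]]+)\].* length (\d+)")

def summarize(text):
    """Return {(client, server): {"state", "sent", "received"}} per TCP flow."""
    flows = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner lines, ^C, packet counters
        src, dst, flags, length = m.group(1), m.group(2), m.group(3), int(m.group(4))
        if flags == "S":  # bare SYN: src is the client opening a connection
            flows[(src, dst)] = {"state": "syn-only", "sent": 0, "received": 0}
            continue
        if (src, dst) in flows:        # client -> server
            flows[(src, dst)]["sent"] += length
        elif (dst, src) in flows:      # server -> client
            flow = flows[(dst, src)]
            flow["received"] += length
            if flags == "S.":
                flow["state"] = "established"
            elif "R" in flags and flow["state"] == "syn-only":
                flow["state"] = "reset"  # SYN answered with RST: connection refused
    return flows

if __name__ == "__main__":
    for (client, server), f in summarize(SAMPLE).items():
        print(f"{client} -> {server}: {f['state']}, "
              f"sent {f['sent']} B, received {f['received']} B")
```

The byte counts are the TCP payload lengths printed by tcpdump; the TLS payload itself remains encrypted in the capture.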







tools/packetcapture/ssl.html.txt · Last modified: 2019/06/19 00:23 by kurihara
