ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.
The current version is 0.9b3
ssldump 0.9b3 contains a number of fixes and enhancements over 0.9b2, including.
If linked with OpenSSL, ssldump can display certificates in decoded form and decrypt traffic (provided that it has the appropriate keying material). Again, OpenSSL may be installed on your system. Otherwise you can obtain it from http://www.openssl.org
The CVS tree, containing the latest source (probably unstable) is available here, courtesy of
Some documentation can be found here.
New TCP connection #3: localhost(3638) <-> localhost(4433) 3 1 0.0738 (0.0738) C>S Handshake ClientHello 3 2 0.0743 (0.0004) S>C Handshake ServerHello 3 3 0.0743 (0.0000) S>C Handshake Certificate 3 4 0.0743 (0.0000) S>C Handshake ServerHelloDone 3 5 0.0866 (0.0123) C>S Handshake ClientKeyExchange 3 6 0.0866 (0.0000) C>S ChangeCipherSpec 3 7 0.0866 (0.0000) C>S Handshake Finished 3 8 0.0909 (0.0043) S>C ChangeCipherSpec 3 9 0.0909 (0.0000) S>C Handshake Finished 3 10 1.8652 (1.7742) C>S application_data 3 11 2.7539 (0.8887) C>S application_data 3 12 5.1861 (2.4321) C>S Alert warning close_notify 3 5.1868 (0.0007) C>S TCP FIN 3 5.1893 (0.0024) S>C TCP FINThis example uses the flags for minimal decoding. ssldump has flags to allow decoding of all messages, including printing the application protocol data.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQA9f3tv3n8ERpUIz6cRArxkAJwOde/y39HRzo0aqcQhd1+t62cSwACdH5R9 NJxutYXV724xc4N0O7UT9Y4= =SHz4 -----END PGP SIGNATURE-----My key fingerprint is:
465E 8A2B 9258 E9CA CE65 1DC3 DE7F 0446 9508 CFA7
SSL and TLS: Designing and Building Secure Systems
Eric Rescorla
Addison-Wesley, 2001
ISBN 0-201-61598-3
SSL and TLS makes extensive use of ssldump to demonstrate real-life SSL behavior. If you like ssldump and want to learn about SSL, you might consider buying my book.