[PLUG] tcpdump whiz?

Michael Rasmussen michael at jamhome.us
Fri Feb 26 00:08:28 UTC 2016


I have a group of systems that I need to monitor for use of approved SSL cipher suites.
Wireshark is not available on them. tcpdump is the tool I need to use.

Do you know, or know someone who would know, how to construct a tcpdump filter that matches
only packets for the SSL handshake?

Due to the volume of traffic on the systems I cannot capture everything and filter later.

The most useful hint found so far is at:
http://serverfault.com/questions/574405/tcpdump-server-hello-certificate-filter



-- 
      Michael Rasmussen, Portland Oregon  
    Be Appropriate && Follow Your Curiosity
People play badly for various reasons; the most common one is failure
to judge what they currently produce as inadequate.
    ~ Tony Pay (on a Clarinet discussion list)
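
Added example, not part of the original post: one way to build a tcpdump capture filter that keeps only the TLS ClientHello (offered cipher suites) and ServerHello (selected cipher suite) records, so the capture stays small on busy hosts. The function names, the default port 443, and the interface and file names in the comments are assumptions.

```shell
#!/bin/sh
# Added example: BPF filter for TLS hello messages only.
# Assumptions: IPv4 traffic (libpcap's tcp[...] indexing does not apply to
# IPv6) and a TLS record that starts at the first payload byte of the
# segment, which is the normal case for ClientHello and ServerHello.

# tls_hello_filter [PORT] -> prints the filter expression on stdout.
tls_hello_filter() {
    port="${1:-443}"
    case "$port" in
        *[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    # High nibble of tcp[12] is the TCP header length in 32-bit words;
    # (x & 0xf0) >> 2 converts it to bytes = offset of the TCP payload.
    off='((tcp[12] & 0xf0) >> 2)'
    # Payload byte 0: TLS record content type, 0x16 = handshake.
    # Payload byte 5: handshake type, 0x01 = ClientHello, 0x02 = ServerHello.
    printf 'tcp port %s and tcp[%s] = 0x16 and (tcp[%s + 5] = 0x01 or tcp[%s + 5] = 0x02)\n' \
        "$port" "$off" "$off" "$off"
}

# capture_hellos IFACE PORT OUTFILE (hypothetical wrapper): write matching
# packets, untruncated (-s 0), to a pcap file for offline review.
capture_hellos() {
    filter=$(tls_hello_filter "$2") || return 1
    tcpdump -i "$1" -n -s 0 -w "$3" "$filter"
}

# Show the filter for the default port; to capture, run for example:
#   capture_hellos eth0 443 /tmp/tls-hellos.pcap
tls_hello_filter 443
```

The resulting pcap holds only the hello packets, so it can be copied to a machine that has Wireshark or tshark to list the cipher suites.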


