Splitting ssldump output into one file per incoming connection

I am capturing SSL handshake data with ssldump in a terminal, using the following command

sudo ssldump -i enp0s8 -a -A -H -n -x > new_trace

which writes its output into a single file. At the moment the output looks like the one quoted below. The part relevant to my question is that every time a new connection comes in, a new line like the following appears

New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)

What I would like to do is capture the ssldump output into a separate file per connection. Is that possible? For example, can I somehow create a new file each time the string New TCP connection is seen?

New TCP connection #1: 192.168.33.1(57378) <-> 192.168.33.10(443)
1 1  0.0006 (0.0006)  C>SV3.1(512)  Handshake
      ClientHello
        Version 3.3 
        random[32]=
          b4 b0 59 7b bb 3c aa e1 04 50 17 bd 8a 71 f0 30 
          54 ed 7f 4c 83 de b3 48 9b 32 9d 0b a3 5d 2a 0c 
        resume [32]=
          8a b5 d0 1f 2d b3 f0 c5 7a 19 b9 f3 b8 b4 f2 f5 
          7c a2 fc 92 29 ee 63 dc a3 ca fa 1f 31 45 6c 69 
        cipher suites
        Unknown value 0xbaba
        Unknown value 0x1301
        Unknown value 0x1302
        Unknown value 0x1303
        Unknown value 0xc02b
        Unknown value 0xc02f
        Unknown value 0xc02c
        Unknown value 0xc030
        Unknown value 0xcca9
        Unknown value 0xcca8
        Unknown value 0xc013
        Unknown value 0xc014
        Unknown value 0x9c
        Unknown value 0x9d
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
Packet data[517]=
  16 03 01 02 00 01 00 01 fc 03 03 b4 b0 59 7b bb 
  3c aa e1 04 50 17 bd 8a 71 f0 30 54 ed 7f 4c 83 
  de b3 48 9b 32 9d 0b a3 5d 2a 0c 20 8a b5 d0 1f 
  2d b3 f0 c5 7a 19 b9 f3 b8 b4 f2 f5 7c a2 fc 92 
  29 ee 63 dc a3 ca fa 1f 31 45 6c 69 00 22 ba ba 
  13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9 
  cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 00 0a 
  01 00 01 91 ba ba 00 00 00 00 00 18 00 16 00 00 
  13 74 69 6d 65 32 2e 73 65 63 75 72 65 70 6b 69 
  2e 6f 72 67 00 17 00 00 ff 01 00 01 00 00 0a 00 
  0a 00 08 fa fa 00 1d 00 17 00 18 00 0b 00 02 01 
  00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68 
  74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00 
  00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05 
  05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b 
  00 29 fa fa 00 01 00 00 1d 00 20 b2 35 fc 32 96 
  1b ce 5b c1 eb 3c e0 36 fe 89 6e 45 ec 91 02 16 
  6a 00 8b c5 75 23 4a d9 52 76 48 00 2d 00 02 01 
  01 00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01 
  00 1b 00 03 02 00 02 3a 3a 00 01 00 00 15 00 c5 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
  00 00 00 00 00 


1 2  0.0028 (0.0021)  S>CV3.3(84)  Handshake
      ServerHello
        Version 3.3 
        random[32]=
          67 47 65 0a c8 d5 96 78 22 16 2f 5e 68 e2 2f 67 
          51 17 37 e7 e7 0a ce 06 10 1b 6d 63 5d c6 0c 0b 
        session_id[0]=

        cipherSuite         Unknown value 0xc030
        compressionMethod                   NULL
Packet data[89]=
  16 03 03 00 54 02 00 00 50 03 03 67 47 65 0a c8 
  d5 96 78 22 16 2f 5e 68 e2 2f 67 51 17 37 e7 e7 
  0a ce 06 10 1b 6d 63 5d c6 0c 0b 00 c0 30 00 00 
  28 ff 01 00 01 00 00 00 00 00 00 0b 00 04 03 00 
  01 02 00 23 00 00 00 17 00 00 00 10 00 0b 00 09 
  08 68 74 74 70 2f 31 2e 31 


1 3  0.0028 (0.0000)  S>CV3.3(934)  Handshake
      Certificate
Packet data[939]=
  16 03 03 03 a6 0b 00 03 a2 00 03 9f 00 03 9c 30 
  82 03 98 30 82 02 80 a0 03 02 01 02 02 09 01 62 
  56 fb c9 3c e9 65 18 30 0d 06 09 2a 86 48 86 f7 
  0d 01 01 0b 05 00 30 54 31 21 30 1f 06 03 55 04 
  03 0c 18 4e 6f 72 74 68 65 61 73 74 65 72 6e 20 
  53 53 4c 20 54 65 73 74 20 43 41 31 15 30 13 06 
  03 55 04 0a 0c 0c 4e 6f 72 74 68 65 61 73 74 65 
  72 6e 31 18 30 16 06 03 55 04 0b 0c 0f 53 53 4c 
  20 43 6c 6f 63 6b 20 53 6b 65 77 73 30 1e 17 0d 
  31 36 30 34 31 30 32 31 30 34 32 34 5a 17 0d 31 
  39 30 34 31 30 32 31 30 35 32 38 5a 30 60 31 0b 
  30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06 
  03 55 04 08 0c 02 4d 41 31 0f 30 0d 06 03 55 04 
  07 0c 06 42 6f 73 74 6f 6e 31 15 30 13 06 03 55 
  04 0a 0c 0c 4e 6f 72 74 68 65 61 73 74 65 72 6e 
  31 1c 30 1a 06 03 55 04 03 0c 13 74 69 6d 65 32 
  2e 73 65 63 75 72 65 70 6b 69 2e 6f 72 67 30 82 
  01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 
  00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d5 
  a5 51 9d 89 b2 cf 1d 8b 9d 36 69 47 e3 f8 42 ff 
  4f 9a fb 4e 3a 0b 7a 67 22 de d8 7e 32 22 ff 51 
  0f 23 c1 e8 16 c4 4a 07 0f c1 b2 bc 5e 17 f4 b7 
  ce d7 11 9e a3 79 33 e7 28 5c 4b 0e b0 6b a4 a9 
  4d 8a ca 24 54 c0 f4 ca f5 0b 04 5b 0f 15 d8 c5 
  ee 8a 6c 3f 91 a9 d9 6c 15 78 c5 d0 13 0f 6b af 
  1b 6c 32 f2 30 7d f9 2e 7a 9e 78 7f 20 68 66 e3 
  6d 15 52 87 e9 23 f2 5c 3a c6 81 2a 7e 29 ea 6f 
  6a b0 51 2e 94 84 ae be 70 8e 9e cc 9c 91 55 ea 
  ed 98 26 80 2b b2 7b d3 ad c7 b5 c3 da 8e 68 8d 
  45 ba 5a 24 e2 56 7f 0c 72 3d 48 98 43 2e fb bc 
  11 26 db b9 c1 8d a8 01 77 67 76 ef 48 a1 35 74 
  80 05 62 2c b6 c8 44 ac b5 44 59 e6 b2 e6 0d 4b 
  bb 15 b2 83 86 c4 26 bc e1 80 72 65 79 11 a4 f3 
  c5 21 42 03 b3 f1 73 ea 9f 8b 4a dd 6c 1d 8a bb 
  bc b1 5a 6a 7f 85 c0 45 80 82 8a 50 3d 71 13 02 
  03 01 00 01 a3 61 30 5f 30 0e 06 03 55 1d 0f 01 
  01 ff 04 04 03 02 05 e0 30 0c 06 03 55 1d 13 01 
  01 ff 04 02 30 00 30 1f 06 03 55 1d 23 04 18 30 
  16 80 14 06 2d f4 43 60 76 97 3b 03 6e e2 28 e6 
  ba b2 ab e2 f0 f3 4d 30 1e 06 03 55 1d 11 04 17 
  30 15 82 13 74 69 6d 65 32 2e 73 65 63 75 72 65 
  70 6b 69 2e 6f 72 67 30 0d 06 09 2a 86 48 86 f7 
  0d 01 01 0b 05 00 03 82 01 01 00 40 41 42 54 2c 
  5b ce af dd ea 4c a6 43 43 72 70 bd 22 61 69 51 
  1d 07 0c 60 ce 33 16 25 03 a4 03 67 fb c7 5c eb 
  4c 55 de c3 33 af 61 97 24 4e 5a 5a b6 17 df 39 
  99 3b 1f 45 88 6d 2b e8 0e c1 12 38 40 44 44 6b 
  5c 56 1c f6 d8 6d 2a 44 27 24 32 ce a4 29 49 12 
  0a 45 df b8 88 55 67 11 c4 3b af d7 01 b6 6e 6c 
  53 f3 12 0c b1 7f 16 d2 14 33 bd 9d cb 57 21 40 
  eb 49 fe a8 ea a1 e2 93 40 93 62 54 a1 9d 37 1b 
  da 54 35 ab e6 b0 b8 bc 3f fb b9 ae c3 a5 5c 44 
  50 e4 6c e5 96 a3 a9 5a fc d0 fe 9d 17 b2 4e b4 
  12 84 1c 1f f9 f7 02 61 35 fa 06 8f 83 69 0a a5 
  bd 89 02 d2 2c 76 4d 95 68 f7 89 af 02 1c 57 e5 
  2c 31 62 3f e3 4e 26 55 39 ec aa 2c 76 a5 e0 f9 
  01 a3 42 c4 69 89 d2 81 6a 63 3e fa a2 4c 9c b1 
  f6 f3 5f e1 5f b0 08 e4 29 ca e7 39 ba 12 b2 ab 
  31 47 5c ff e6 d0 0e 47 35 2b bb 


1 4  0.0028 (0.0000)  S>CV3.3(300)  Handshake
      ServerKeyExchange
Packet data[305]=
  16 03 03 01 2c 0c 00 01 28 03 00 1d 20 df 4d 5e 
  c0 1d d2 c9 6c 56 9f e8 35 d2 be 70 12 99 4f 41 
  b5 88 d9 f0 a9 35 61 eb c2 bb 1f 8e 2c 06 01 01 
  00 40 90 ec e2 fa 4f e7 36 8a 53 0e 68 89 15 8a 
  79 10 a1 14 55 ce c0 7c 4f d7 c7 46 9e 29 87 bc 
  34 29 70 1c 2e 43 bf 0a fb 53 6a 13 a6 5c 74 3b 
  d6 99 fa 40 34 c4 10 a1 78 6c 62 8c e2 51 e8 a5 
  b8 eb 80 c5 d3 06 47 ce 25 10 df f3 63 e1 bb 68 
  66 40 2c 89 cb 75 8a 09 0a 79 aa 88 ef 19 58 30 
  99 0e 05 aa 23 14 93 52 87 17 39 92 6d 01 4a 09 
  d1 b0 6d fe 37 59 56 f0 f4 8d 52 b1 0e 10 ec 1c 
  7d 44 1d 68 4c b8 be 9b 47 85 26 fc cc 6d 5e d9 
  51 1a b3 2f 75 de 90 a3 5d f1 9c 6b eb ad 8e cf 
  4b a3 41 6f d3 91 ef 76 e6 f1 52 f3 c9 75 b5 e9 
  0c ed f7 aa 8d dd f2 3f 79 6e e9 f3 ba 93 3d 68 
  fc d0 07 58 a5 f4 3f 4e 76 bb 1f 5d 27 51 fd 38 
  a7 49 7f de 6c 8e 63 7d f4 52 5a 7e 27 63 b7 d8 
  55 3f 4a 39 63 e3 88 40 13 84 c0 87 53 d7 26 44 
  70 15 70 ed 6a 85 b3 82 90 47 48 84 94 fe 9e cc 
  19 


1 5  0.0028 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
Packet data[9]=
  16 03 03 00 04 0e 00 00 00 


1 6  0.0038 (0.0009)  C>SV3.3(37)  Handshake
      ClientKeyExchange
Packet data[42]=
  16 03 03 00 25 10 00 00 21 20 c2 34 95 bd d9 fa 
  fe 7a 52 aa 4c 44 4b f6 f0 b1 4a be f7 c7 68 6c 
  e8 75 17 9b ed cc ec b7 5c 11 


1 7  0.0038 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
Packet data[6]=
  14 03 03 00 01 01 


1 8  0.0038 (0.0000)  C>SV3.3(40)  Handshake
Packet data[45]=
  16 03 03 00 28 00 00 00 00 00 00 00 00 c3 98 a8 
  28 a6 35 4f 20 e8 e2 ca ee fb d6 58 95 ca 31 ea 
  86 5c c2 04 6c 35 d9 ba bd a0 27 fa 8a 


1    0.0040 (0.0002)  C>S  TCP FIN
1 9  0.0045 (0.0005)  S>CV3.3(218)  Handshake
Packet data[223]=
  16 03 03 00 da 04 00 00 d6 00 00 01 2c 00 d0 e4 
  ef 74 bb 05 44 68 1c 3a b7 45 c1 bd 87 28 92 e3 
  6e ba db a1 58 38 f2 d4 e4 ce fc 68 d9 25 b3 c4 
  ed ea 33 71 6a ac 42 74 6d 50 f0 66 92 bd 7f d2 
  78 a2 3e 33 0d 02 3b f1 0d b2 04 6a 99 19 15 46 
  8d 0d 78 c9 6f 05 bd 00 e5 3a 65 34 7b 67 d1 8e 
  ee 60 77 dc 61 51 be 27 6d 9f e1 58 b4 13 26 c0 
  ad 31 88 a8 66 30 bb 54 fb ba b8 f9 a4 5a 00 ca 
  de 18 3c 8d ae 3a 31 b1 a3 2d 62 44 1a 3a 79 35 
  a8 22 86 ae 5d f5 55 1b d0 43 08 7c bf 38 72 b0 
  97 79 43 aa 5d ef 7c 36 48 63 ac a9 00 d6 7d d9 
  be b6 51 c9 c1 0c 26 a8 84 c9 38 95 ea e1 eb 70 
  13 58 dd db 14 90 42 33 46 42 36 3c bd ab 66 44 
  c5 e1 11 e7 5c 43 a5 06 33 7d 80 ea 8a b5 b1 


1 10 0.0045 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
Packet data[6]=
  14 03 03 00 01 01 


1 11 0.0045 (0.0000)  S>CV3.3(40)  Handshake
Packet data[45]=
  16 03 03 00 28 1f 9d ba 7d 2f 5e b5 b2 65 eb 93 
  85 64 58 29 17 a0 23 8d d0 db ab 99 be ab d4 e7 
  f8 6c 0b 0d f6 0e 6d 1f d6 d4 e4 1d 5d 


1    0.0047 (0.0001)  S>C  TCP FIN
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)

Answer 1

You can use csplit to split the output into separate files.

sudo ssldump -i enp0s8 -a -A -H -n -x | csplit - '/^New TCP connection/' '{*}'

This splits the input into at most 100 files, named xx00 through xx99.

You can change the prefix (default xx) to something else with the option --prefix=somethingelse

The number of digits used to number the files (default 2) can be set with --digits=X

You may need the --keep-files option if csplit deletes the generated files when you stop the process (it may interpret the interrupt as a failure).
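As an added example that is not part of the question or of the answer above, here is a small POSIX shell script that splits a trace the way the question asks. One detail worth knowing: given only the pattern, csplit splits at the first matching line and puts everything after it into the second file; the trailing '{*}' repeat count is what makes it split at every New TCP connection header. A second variant does the same job with awk and names each file after the connection number and its endpoints, which is handier when you are hunting for one particular flow. The output directory, the file-name scheme and the heavily shortened sample trace are my own assumptions, constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original question or answer: split an ssldump
# text trace into one file per TCP connection.  Two variants are shown:
#   1. csplit with a '{*}' repeat count, so it splits at EVERY
#      "New TCP connection" line rather than only at the first match;
#   2. a one-pass awk splitter that names each file after the connection number
#      and its endpoints, which is handier when hunting for one specific flow.
# Output directory, file-name scheme and the sample trace are all assumptions.
set -e

# Constructed sample: a heavily shortened ssldump trace with three connections
# (a real trace carries the full handshake dump shown in the question).
SAMPLE_TRACE='New TCP connection #1: 192.168.33.1(57378) <-> 192.168.33.10(443)
1 1  0.0006 (0.0006)  C>SV3.1(512)  Handshake
      ClientHello
1    0.0047 (0.0001)  S>C  TCP FIN
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
2 1  0.0005 (0.0005)  C>SV3.1(512)  Handshake
      ClientHello
New TCP connection #3: 192.168.33.1(57382) <-> 192.168.33.10(443)
3 1  0.0004 (0.0004)  C>SV3.1(512)  Handshake
      ClientHello
3    0.0030 (0.0001)  C>S  TCP FIN
'

# Variant 1: GNU csplit.  Reads the trace on stdin, writes OUTDIR/conn_000,
# conn_001, ... and prints the number of files written.
#   -z    drop the empty chunk that precedes the first header line
#   -s    do not print the byte count of each piece
#   -k    keep the pieces written so far if csplit is interrupted (Ctrl-C)
#   -n    number of digits in the file name, -f the file-name prefix
#   '{*}' repeat the pattern as often as it matches (without it: one split)
split_with_csplit() {   # usage: split_with_csplit OUTDIR < trace
    outdir=$1
    mkdir -p "$outdir"
    csplit -z -s -k -n 3 -f "$outdir/conn_" - '/^New TCP connection/' '{*}'
    ls "$outdir" | wc -l | tr -d ' '
}

# Variant 2: awk.  Every header line opens a new file named, e.g.,
# conn_1_192.168.33.1_57378_to_192.168.33.10_443.txt; anything before the
# first header (an ssldump banner, if any) lands in conn_0_preamble.txt.
# Prints the number of files written.
split_with_awk() {      # usage: split_with_awk OUTDIR < trace
    outdir=$1
    mkdir -p "$outdir"
    awk -v dir="$outdir" '
        /^New TCP connection #/ {
            if (out != "") close(out)
            # $4 = "#1:"  $5 = "192.168.33.1(57378)"  $7 = "192.168.33.10(443)"
            n = $4; sub(/^#/, "", n); sub(/:$/, "", n)
            c = $5; gsub(/[()]/, "_", c); sub(/_$/, "", c)
            s = $7; gsub(/[()]/, "_", s); sub(/_$/, "", s)
            out = dir "/conn_" n "_" c "_to_" s ".txt"
        }
        out == "" { out = dir "/conn_0_preamble.txt" }
        { print > out }
    '
    ls "$outdir" | wc -l | tr -d ' '
}

# Stand-alone demo on the constructed sample.  For a live capture pipe
# ssldump in instead, e.g.:
#   sudo ssldump -i enp0s8 -a -A -H -n -x | split_with_awk ./traces
demo_dir=$(mktemp -d)
printf '%s' "$SAMPLE_TRACE" | split_with_csplit "$demo_dir/csplit" >/dev/null
printf '%s' "$SAMPLE_TRACE" | split_with_awk "$demo_dir/awk" >/dev/null
ls -1 "$demo_dir/csplit" "$demo_dir/awk"
rm -rf "$demo_dir"
```

When feeding a live capture through a pipe, the first file may appear only after a delay: that is ordinary stdio block buffering on a non-terminal stdout, and prefixing the capture with `stdbuf -oL` (GNU coreutils) forces line buffering so each connection's lines reach the splitter as they are printed. The awk variant also has the practical advantage that the file name already tells you the client port, so you can match a trace against a web-server or firewall log without opening it.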
