我正在终端上使用 ssldump 捕获 SSL 握手数据,并使用以下命令
sudo ssldump -i enp0s8 -a -A -H -n -x > new_trace
将其输出到单个文件中。目前,输出类似于下面引用的输出。与我的问题相关的部分是,每次有新连接进入时,都会出现一条新行,如下所示
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
我想要做的是将 ssldump 的输出捕获到每个连接的单独文件中。这是可能的事吗?例如,我可以在每次New TCP connection看到字符串时以某种方式创建一个新文件吗?
New TCP connection #1: 192.168.33.1(57378) <-> 192.168.33.10(443)
1 1 0.0006 (0.0006) C>SV3.1(512) Handshake
ClientHello
Version 3.3
random[32]=
b4 b0 59 7b bb 3c aa e1 04 50 17 bd 8a 71 f0 30
54 ed 7f 4c 83 de b3 48 9b 32 9d 0b a3 5d 2a 0c
resume [32]=
8a b5 d0 1f 2d b3 f0 c5 7a 19 b9 f3 b8 b4 f2 f5
7c a2 fc 92 29 ee 63 dc a3 ca fa 1f 31 45 6c 69
cipher suites
Unknown value 0xbaba
Unknown value 0x1301
Unknown value 0x1302
Unknown value 0x1303
Unknown value 0xc02b
Unknown value 0xc02f
Unknown value 0xc02c
Unknown value 0xc030
Unknown value 0xcca9
Unknown value 0xcca8
Unknown value 0xc013
Unknown value 0xc014
Unknown value 0x9c
Unknown value 0x9d
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
Packet data[517]=
16 03 01 02 00 01 00 01 fc 03 03 b4 b0 59 7b bb
3c aa e1 04 50 17 bd 8a 71 f0 30 54 ed 7f 4c 83
de b3 48 9b 32 9d 0b a3 5d 2a 0c 20 8a b5 d0 1f
2d b3 f0 c5 7a 19 b9 f3 b8 b4 f2 f5 7c a2 fc 92
29 ee 63 dc a3 ca fa 1f 31 45 6c 69 00 22 ba ba
13 01 13 02 13 03 c0 2b c0 2f c0 2c c0 30 cc a9
cc a8 c0 13 c0 14 00 9c 00 9d 00 2f 00 35 00 0a
01 00 01 91 ba ba 00 00 00 00 00 18 00 16 00 00
13 74 69 6d 65 32 2e 73 65 63 75 72 65 70 6b 69
2e 6f 72 67 00 17 00 00 ff 01 00 01 00 00 0a 00
0a 00 08 fa fa 00 1d 00 17 00 18 00 0b 00 02 01
00 00 23 00 00 00 10 00 0e 00 0c 02 68 32 08 68
74 74 70 2f 31 2e 31 00 05 00 05 01 00 00 00 00
00 0d 00 14 00 12 04 03 08 04 04 01 05 03 08 05
05 01 08 06 06 01 02 01 00 12 00 00 00 33 00 2b
00 29 fa fa 00 01 00 00 1d 00 20 b2 35 fc 32 96
1b ce 5b c1 eb 3c e0 36 fe 89 6e 45 ec 91 02 16
6a 00 8b c5 75 23 4a d9 52 76 48 00 2d 00 02 01
01 00 2b 00 0b 0a aa aa 03 04 03 03 03 02 03 01
00 1b 00 03 02 00 02 3a 3a 00 01 00 00 15 00 c5
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
1 2 0.0028 (0.0021) S>CV3.3(84) Handshake
ServerHello
Version 3.3
random[32]=
67 47 65 0a c8 d5 96 78 22 16 2f 5e 68 e2 2f 67
51 17 37 e7 e7 0a ce 06 10 1b 6d 63 5d c6 0c 0b
session_id[0]=
cipherSuite Unknown value 0xc030
compressionMethod NULL
Packet data[89]=
16 03 03 00 54 02 00 00 50 03 03 67 47 65 0a c8
d5 96 78 22 16 2f 5e 68 e2 2f 67 51 17 37 e7 e7
0a ce 06 10 1b 6d 63 5d c6 0c 0b 00 c0 30 00 00
28 ff 01 00 01 00 00 00 00 00 00 0b 00 04 03 00
01 02 00 23 00 00 00 17 00 00 00 10 00 0b 00 09
08 68 74 74 70 2f 31 2e 31
1 3 0.0028 (0.0000) S>CV3.3(934) Handshake
Certificate
Packet data[939]=
16 03 03 03 a6 0b 00 03 a2 00 03 9f 00 03 9c 30
82 03 98 30 82 02 80 a0 03 02 01 02 02 09 01 62
56 fb c9 3c e9 65 18 30 0d 06 09 2a 86 48 86 f7
0d 01 01 0b 05 00 30 54 31 21 30 1f 06 03 55 04
03 0c 18 4e 6f 72 74 68 65 61 73 74 65 72 6e 20
53 53 4c 20 54 65 73 74 20 43 41 31 15 30 13 06
03 55 04 0a 0c 0c 4e 6f 72 74 68 65 61 73 74 65
72 6e 31 18 30 16 06 03 55 04 0b 0c 0f 53 53 4c
20 43 6c 6f 63 6b 20 53 6b 65 77 73 30 1e 17 0d
31 36 30 34 31 30 32 31 30 34 32 34 5a 17 0d 31
39 30 34 31 30 32 31 30 35 32 38 5a 30 60 31 0b
30 09 06 03 55 04 06 13 02 55 53 31 0b 30 09 06
03 55 04 08 0c 02 4d 41 31 0f 30 0d 06 03 55 04
07 0c 06 42 6f 73 74 6f 6e 31 15 30 13 06 03 55
04 0a 0c 0c 4e 6f 72 74 68 65 61 73 74 65 72 6e
31 1c 30 1a 06 03 55 04 03 0c 13 74 69 6d 65 32
2e 73 65 63 75 72 65 70 6b 69 2e 6f 72 67 30 82
01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05
00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d5
a5 51 9d 89 b2 cf 1d 8b 9d 36 69 47 e3 f8 42 ff
4f 9a fb 4e 3a 0b 7a 67 22 de d8 7e 32 22 ff 51
0f 23 c1 e8 16 c4 4a 07 0f c1 b2 bc 5e 17 f4 b7
ce d7 11 9e a3 79 33 e7 28 5c 4b 0e b0 6b a4 a9
4d 8a ca 24 54 c0 f4 ca f5 0b 04 5b 0f 15 d8 c5
ee 8a 6c 3f 91 a9 d9 6c 15 78 c5 d0 13 0f 6b af
1b 6c 32 f2 30 7d f9 2e 7a 9e 78 7f 20 68 66 e3
6d 15 52 87 e9 23 f2 5c 3a c6 81 2a 7e 29 ea 6f
6a b0 51 2e 94 84 ae be 70 8e 9e cc 9c 91 55 ea
ed 98 26 80 2b b2 7b d3 ad c7 b5 c3 da 8e 68 8d
45 ba 5a 24 e2 56 7f 0c 72 3d 48 98 43 2e fb bc
11 26 db b9 c1 8d a8 01 77 67 76 ef 48 a1 35 74
80 05 62 2c b6 c8 44 ac b5 44 59 e6 b2 e6 0d 4b
bb 15 b2 83 86 c4 26 bc e1 80 72 65 79 11 a4 f3
c5 21 42 03 b3 f1 73 ea 9f 8b 4a dd 6c 1d 8a bb
bc b1 5a 6a 7f 85 c0 45 80 82 8a 50 3d 71 13 02
03 01 00 01 a3 61 30 5f 30 0e 06 03 55 1d 0f 01
01 ff 04 04 03 02 05 e0 30 0c 06 03 55 1d 13 01
01 ff 04 02 30 00 30 1f 06 03 55 1d 23 04 18 30
16 80 14 06 2d f4 43 60 76 97 3b 03 6e e2 28 e6
ba b2 ab e2 f0 f3 4d 30 1e 06 03 55 1d 11 04 17
30 15 82 13 74 69 6d 65 32 2e 73 65 63 75 72 65
70 6b 69 2e 6f 72 67 30 0d 06 09 2a 86 48 86 f7
0d 01 01 0b 05 00 03 82 01 01 00 40 41 42 54 2c
5b ce af dd ea 4c a6 43 43 72 70 bd 22 61 69 51
1d 07 0c 60 ce 33 16 25 03 a4 03 67 fb c7 5c eb
4c 55 de c3 33 af 61 97 24 4e 5a 5a b6 17 df 39
99 3b 1f 45 88 6d 2b e8 0e c1 12 38 40 44 44 6b
5c 56 1c f6 d8 6d 2a 44 27 24 32 ce a4 29 49 12
0a 45 df b8 88 55 67 11 c4 3b af d7 01 b6 6e 6c
53 f3 12 0c b1 7f 16 d2 14 33 bd 9d cb 57 21 40
eb 49 fe a8 ea a1 e2 93 40 93 62 54 a1 9d 37 1b
da 54 35 ab e6 b0 b8 bc 3f fb b9 ae c3 a5 5c 44
50 e4 6c e5 96 a3 a9 5a fc d0 fe 9d 17 b2 4e b4
12 84 1c 1f f9 f7 02 61 35 fa 06 8f 83 69 0a a5
bd 89 02 d2 2c 76 4d 95 68 f7 89 af 02 1c 57 e5
2c 31 62 3f e3 4e 26 55 39 ec aa 2c 76 a5 e0 f9
01 a3 42 c4 69 89 d2 81 6a 63 3e fa a2 4c 9c b1
f6 f3 5f e1 5f b0 08 e4 29 ca e7 39 ba 12 b2 ab
31 47 5c ff e6 d0 0e 47 35 2b bb
1 4 0.0028 (0.0000) S>CV3.3(300) Handshake
ServerKeyExchange
Packet data[305]=
16 03 03 01 2c 0c 00 01 28 03 00 1d 20 df 4d 5e
c0 1d d2 c9 6c 56 9f e8 35 d2 be 70 12 99 4f 41
b5 88 d9 f0 a9 35 61 eb c2 bb 1f 8e 2c 06 01 01
00 40 90 ec e2 fa 4f e7 36 8a 53 0e 68 89 15 8a
79 10 a1 14 55 ce c0 7c 4f d7 c7 46 9e 29 87 bc
34 29 70 1c 2e 43 bf 0a fb 53 6a 13 a6 5c 74 3b
d6 99 fa 40 34 c4 10 a1 78 6c 62 8c e2 51 e8 a5
b8 eb 80 c5 d3 06 47 ce 25 10 df f3 63 e1 bb 68
66 40 2c 89 cb 75 8a 09 0a 79 aa 88 ef 19 58 30
99 0e 05 aa 23 14 93 52 87 17 39 92 6d 01 4a 09
d1 b0 6d fe 37 59 56 f0 f4 8d 52 b1 0e 10 ec 1c
7d 44 1d 68 4c b8 be 9b 47 85 26 fc cc 6d 5e d9
51 1a b3 2f 75 de 90 a3 5d f1 9c 6b eb ad 8e cf
4b a3 41 6f d3 91 ef 76 e6 f1 52 f3 c9 75 b5 e9
0c ed f7 aa 8d dd f2 3f 79 6e e9 f3 ba 93 3d 68
fc d0 07 58 a5 f4 3f 4e 76 bb 1f 5d 27 51 fd 38
a7 49 7f de 6c 8e 63 7d f4 52 5a 7e 27 63 b7 d8
55 3f 4a 39 63 e3 88 40 13 84 c0 87 53 d7 26 44
70 15 70 ed 6a 85 b3 82 90 47 48 84 94 fe 9e cc
19
1 5 0.0028 (0.0000) S>CV3.3(4) Handshake
ServerHelloDone
Packet data[9]=
16 03 03 00 04 0e 00 00 00
1 6 0.0038 (0.0009) C>SV3.3(37) Handshake
ClientKeyExchange
Packet data[42]=
16 03 03 00 25 10 00 00 21 20 c2 34 95 bd d9 fa
fe 7a 52 aa 4c 44 4b f6 f0 b1 4a be f7 c7 68 6c
e8 75 17 9b ed cc ec b7 5c 11
1 7 0.0038 (0.0000) C>SV3.3(1) ChangeCipherSpec
Packet data[6]=
14 03 03 00 01 01
1 8 0.0038 (0.0000) C>SV3.3(40) Handshake
Packet data[45]=
16 03 03 00 28 00 00 00 00 00 00 00 00 c3 98 a8
28 a6 35 4f 20 e8 e2 ca ee fb d6 58 95 ca 31 ea
86 5c c2 04 6c 35 d9 ba bd a0 27 fa 8a
1 0.0040 (0.0002) C>S TCP FIN
1 9 0.0045 (0.0005) S>CV3.3(218) Handshake
Packet data[223]=
16 03 03 00 da 04 00 00 d6 00 00 01 2c 00 d0 e4
ef 74 bb 05 44 68 1c 3a b7 45 c1 bd 87 28 92 e3
6e ba db a1 58 38 f2 d4 e4 ce fc 68 d9 25 b3 c4
ed ea 33 71 6a ac 42 74 6d 50 f0 66 92 bd 7f d2
78 a2 3e 33 0d 02 3b f1 0d b2 04 6a 99 19 15 46
8d 0d 78 c9 6f 05 bd 00 e5 3a 65 34 7b 67 d1 8e
ee 60 77 dc 61 51 be 27 6d 9f e1 58 b4 13 26 c0
ad 31 88 a8 66 30 bb 54 fb ba b8 f9 a4 5a 00 ca
de 18 3c 8d ae 3a 31 b1 a3 2d 62 44 1a 3a 79 35
a8 22 86 ae 5d f5 55 1b d0 43 08 7c bf 38 72 b0
97 79 43 aa 5d ef 7c 36 48 63 ac a9 00 d6 7d d9
be b6 51 c9 c1 0c 26 a8 84 c9 38 95 ea e1 eb 70
13 58 dd db 14 90 42 33 46 42 36 3c bd ab 66 44
c5 e1 11 e7 5c 43 a5 06 33 7d 80 ea 8a b5 b1
1 10 0.0045 (0.0000) S>CV3.3(1) ChangeCipherSpec
Packet data[6]=
14 03 03 00 01 01
1 11 0.0045 (0.0000) S>CV3.3(40) Handshake
Packet data[45]=
16 03 03 00 28 1f 9d ba 7d 2f 5e b5 b2 65 eb 93
85 64 58 29 17 a0 23 8d d0 db ab 99 be ab d4 e7
f8 6c 0b 0d f6 0e 6d 1f d6 d4 e4 1d 5d
1 0.0047 (0.0001) S>C TCP FIN
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
答案1
您可以使用csplit拆分为单独的文件。
sudo ssldump -i enp0s8 -a -A -H -n -x | csplit - '/^New TCP connection/'
这会将输入拆分为最多 100 个文件,命名xx00为xx99.
您可以使用该选项将前缀(默认xx)设置为其他内容--prefix=somethingelse。
可以使用 来设置用于对文件进行计数的位数(默认为 2)--digits=X。
您可能需要使用该--keep-files选项,如果csplit在停止进程时删除生成的文件(它可能会将中断解释为失败)。