I want to analyse and log the SSL/TLS traffic going in and out of a given machine. Specifically, I want to know how many SSL/TLS connections there are, how many of them use TLSv1.2, how many use older SSL/TLS versions, and which domains were used during the analysis. I would like to run this analysis on live traffic and write it to a pcap file in parallel. Does anyone know of a tool that can do this easily?
Answer 1
I think I have a tool that does what you need: SSLAnalyzer, which is part of PcapPlusPlus. This tool records SSL/TLS traffic and collects various data from it, including the hostnames, SSL/TLS versions and connection counts you asked for. You can use it as follows:
./SSLAnalyzer -i <IP_ADDRESS>
PcapPlusPlus is multi-platform, so you can compile it on Win32, Linux (mainly tested on Ubuntu, as the website says) and Mac OS X (you did not specify which OS you need). The output looks like this:
STATS SUMMARY
=============
General stats
--------------------
Sample time: 14.761 [Seconds]
Number of SSL packets: 201 [Packets]
Rate of SSL packets: 11.736 [Packets/sec]
Number of SSL flows: 25 [Flows]
Rate of SSL flows: 1.460 [Flows/sec]
Total SSL data: 89632 [Bytes]
Rate of SSL data: 5233.320 [Bytes/sec]
Average packets per flow: 8.040 [Packets]
Average data per flow: 3585.280 [Bytes]
Client-hello message: 23 [Messages]
Server-hello message: 23 [Messages]
Number of SSL flows with successful handshake: 22 [Flows]
Number of SSL flows ended with alert: 5 [Flows]
SSL/TLS ports count
--------------------
| SSL/TLS ports | Count |
-------------------------
| 443 | 25 |
-------------------------
SSL versions count
--------------------
| SSL record version | Count |
----------------------------------------
| TLSv1.2 | 20 |
| TLSv1.0 | 3 |
----------------------------------------
Client-hello versions count
--------------------
| Client-hello version | Count |
----------------------------------------
| TLSv1.0 | 23 |
----------------------------------------
Cipher-suite count
--------------------
| Cipher-suite | Count |
--------------------------------------------------------------
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | 19 |
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | 4 |
--------------------------------------------------------------
Server-name count
--------------------
| Hostname | Count |
----------------------------------------------------
| assets-cdn.github.com | 9 |
| api.github.com | 4 |
| collector.githubapp.com | 3 |
| accounts.google.com | 2 |
| github.com | 2 |
| live.github.com | 2 |
| www.gmail.com | 1 |
----------------------------------------------------
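For readers who want to see what a tool like SSLAnalyzer actually does under the hood, here is an added example (not part of the answer above and not PcapPlusPlus code) that parses the TLS record header and the ClientHello handshake body directly: it pulls out the record-layer version, the version the client offers, the SNI hostname and the offered cipher suites, and tallies them into the same kind of counts shown in the summary. The ClientHello bytes are constructed inline by a small builder for the demonstration, they are not captured traffic, and the cipher-suite name table only covers the two suites that appear in the output above.

```python
"""Minimal TLS ClientHello parser with SSLAnalyzer-style tallies (added example)."""
import struct
from collections import Counter

TLS_VERSIONS = {
    0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
    0x0303: "TLSv1.2", 0x0304: "TLSv1.3",
}
# Only the two suites that appear in the answer's sample output (assumed subset).
CIPHER_NAMES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
}


def version_name(v):
    return TLS_VERSIONS.get(v, "0x%04x" % v)


def build_client_hello(client_version, sni, cipher_ids, record_version=0x0301):
    """Construct one TLS record carrying a ClientHello (constructed test input only)."""
    name = sni.encode()
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name      # type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0x0000, len(sni_list)) + sni_list      # extension 0 = server_name
    extensions = struct.pack("!H", len(ext)) + ext
    suites = b"".join(struct.pack("!H", c) for c in cipher_ids)
    body = (struct.pack("!H", client_version) + b"\x00" * 32        # client_version + random
            + b"\x00"                                                # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00"                                            # one compression method: null
            + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", record_version, len(handshake)) + handshake


def parse_client_hello(record):
    """Parse a single TLS record; return a dict for a ClientHello, None for anything else
    (non-handshake records, other handshake types, or truncated/malformed input)."""
    try:
        if len(record) < 5 or record[0] != 0x16:          # content type 22 = handshake
            return None
        record_version, rec_len = struct.unpack("!HH", record[1:5])
        payload = record[5:5 + rec_len]
        if len(payload) < 4 or payload[0] != 0x01:
            return None
        body = payload[4:4 + int.from_bytes(payload[1:4], "big")]
        client_version = struct.unpack("!H", body[0:2])[0]
        pos = 2 + 32                                       # skip random
        pos += 1 + body[pos]                               # skip session id
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        suites = [struct.unpack("!H", body[i:i + 2])[0] for i in range(pos, pos + cs_len, 2)]
        pos += cs_len
        pos += 1 + body[pos]                               # skip compression methods
        sni = None
        if pos + 2 <= len(body):                           # extensions are optional
            end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack("!HH", body[pos:pos + 4])
                pos += 4
                data = body[pos:pos + elen]
                pos += elen
                if etype == 0 and len(data) >= 5:          # server_name: list_len(2) type(1) len(2) name
                    name_len = struct.unpack("!H", data[3:5])[0]
                    sni = data[5:5 + name_len].decode("ascii", "replace")
        return {"record_version": record_version, "client_version": client_version,
                "sni": sni, "cipher_suites": suites}
    except (struct.error, IndexError):
        return None                                        # truncated record: do not count it


def summarize(records):
    """Tally ClientHellos the way the SSLAnalyzer summary does (offered suites, not the chosen one)."""
    stats = {"client_hellos": 0, "record_versions": Counter(), "client_versions": Counter(),
             "cipher_suites": Counter(), "hostnames": Counter()}
    for rec in records:
        ch = parse_client_hello(rec)
        if ch is None:
            continue
        stats["client_hellos"] += 1
        stats["record_versions"][version_name(ch["record_version"])] += 1
        stats["client_versions"][version_name(ch["client_version"])] += 1
        for c in ch["cipher_suites"]:
            stats["cipher_suites"][CIPHER_NAMES.get(c, "0x%04x" % c)] += 1
        if ch["sni"]:
            stats["hostnames"][ch["sni"]] += 1
    return stats


if __name__ == "__main__":
    sample = [build_client_hello(0x0303, "api.github.com", [0xC02F, 0xC02B]),
              build_client_hello(0x0301, "accounts.google.com", [0xC02F])]
    for section, counts in summarize(sample).items():
        print(section, dict(counts) if isinstance(counts, Counter) else counts)
```

To run this over live traffic you would feed it the TCP payloads of port-443 flows from whatever capture library you use, one TLS record at a time (the parser expects the bytes to start at a record header), and write the same packets to a pcap file in parallel; any record that is not a complete ClientHello is simply skipped rather than miscounted. Note that the cipher-suite tally here is of suites offered by clients; the suite actually negotiated is in the ServerHello, which is what the "Cipher-suite count" table in the answer's output reflects.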