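I have a server with many clients connecting to it using SSL. Recently I have been observing SSL handshake errors in the server logs (from SSL MAC errors). The error itself is not important, but I want to see why some clients are able to connect while others fail, and I also need to identify which clients are failing.
To debug this issue, I want to capture all SSL handshakes happening on the server, and since I don't know when the problematic clients connect, I don't want to capture all the traffic until that happens. I just want to capture all SSL handshakes and then analyze them with Wireshark. Assume that I only have access to tcpdump and no other tool for capturing.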
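Answer 0 (score: 30)
I don't know what exactly you are calling a handshake, but I propose this command, which will probably capture more than 95% of what you want:
tcpdump -ni eth0 "tcp port 443 and (tcp[((tcp[12] & 0xf0) >> 2)] = 0x16)"
Now what does it do:
tcp[12] means capturing the 13th byte of the TCP packet, whose first half is the offset and whose second half is reserved.
The offset, once multiplied by 4, gives the byte count of the TCP header, meaning ((tcp[12] & 0xf0) >> 2) provides the size of the TCP header.
The first byte of a TLS packet defines the content type. The value 22 (0x16 in hexadecimal) has been defined as being "Handshake" content.
As a consequence, tcp[((tcp[12] & 0xf0) >> 2)] = 0x16 captures every packet having the first byte after the TCP header set to 0x16.
More filtering can be done, but this strictly answers your question.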
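Added example, not part of the answer above: the byte arithmetic of that filter expression reimplemented in Python over constructed TCP segments, showing what the filter selects and what it misses (a handshake record that does not begin at the first payload byte). It goes one step beyond the filter by also reading the handshake message type from the sixth payload byte; the helper names and sample bytes are assumptions made for this illustration.

```python
import struct

TLS_HANDSHAKE = 0x16  # TLS record content type 22
HANDSHAKE_TYPES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate"}

def tcp_header_len(segment: bytes) -> int:
    """Same arithmetic as ((tcp[12] & 0xf0) >> 2): data offset in 32-bit words, times 4."""
    if len(segment) < 20:
        raise ValueError("shorter than a minimal TCP header")
    return (segment[12] & 0xF0) >> 2

def matches_filter(segment: bytes) -> bool:
    """True when the first payload byte is 0x16, which is what the BPF expression selects."""
    off = tcp_header_len(segment)
    return off >= 20 and len(segment) > off and segment[off] == TLS_HANDSHAKE

def handshake_type(segment: bytes):
    """Handshake message name if a TLS record header starts the payload, else None."""
    if not matches_filter(segment):
        return None
    payload = segment[tcp_header_len(segment):]
    # Need the 5-byte record header plus the message type; record major version is 3.
    if len(payload) < 6 or payload[1] != 0x03:
        return None
    return HANDSHAKE_TYPES.get(payload[5], f"type {payload[5]}")

def build_segment(payload: bytes, options: bytes = b"") -> bytes:
    """Constructed test segment: 20-byte TCP header, optional options, then payload."""
    assert len(options) % 4 == 0
    words = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, words << 4, 0x18, 65535, 0, 0)
    return header + options + payload

# Constructed samples (not captured traffic).
CLIENT_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
APP_DATA = bytes([0x17, 0x03, 0x03, 0x00, 0x02, 0xAA, 0xBB])
TIMESTAMP_OPT = bytes([0x01, 0x01, 0x08, 0x0A]) + bytes(8)  # NOP, NOP, timestamps

if __name__ == "__main__":
    for name, seg in [
        ("ClientHello, no options", build_segment(CLIENT_HELLO)),
        ("ClientHello, 12 bytes of options", build_segment(CLIENT_HELLO, TIMESTAMP_OPT)),
        ("application data", build_segment(APP_DATA)),
        ("handshake after another record", build_segment(APP_DATA + CLIENT_HELLO)),
        ("bare ACK", build_segment(b"")),
    ]:
        print(f"{name:34} match={matches_filter(seg)} type={handshake_type(seg)}")
```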
Answer 1 (score: 1)
If you also want to grab SQL Server encryption, then you also need to look at +8.
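Answer 2 (score: 0)
I think the accepted answer is a premature optimization, and the solution is fragile.
The SSL handshake occurs as soon as the connection is established.
Easy approach: start the capture before the client connects to the remote host, and capture the first full N packets.
For example, for 300 packets:
/usr/sbin/tcpdump -i eth0 -p -s 65535 -c 300 "tcp and host 1.2.3.4 and port 443"
This way Wireshark has the full payload of the SSL handshake, can decode it, and can show you all the bits.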