How do I get a dump of an SSL handshake in a human-readable format using tshark? I need to provide this to a vendor for debugging a failed SSL handshake problem.
This needs to be done in tshark, not Wireshark, as it's being done on a remote server with no GUI.
Best Answer
Like this.
Replace <interface> with the interface name to capture on (e.g., eth0). Replace <hostname> with the name or IP address of the remote host you want to capture packets for. Replace <portnumber> with the port the service is running on (probably 443).

You can also use tcpdump instead. Both Wireshark and tcpdump use libpcap for capturing, so you'll capture the exact same information. You can also copy the resulting file and open it in Wireshark on a different computer.

The command line flags for tcpdump and tshark are close enough that in most cases they can be used interchangeably.
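
One way to run the capture the answer describes and then print the handshake as text on a server with no GUI. This is an added example, not the answer author's command; the function names are illustrative, and it assumes a tshark build that supports the `-G protocols` report.

```shell
#!/usr/bin/env bash
# Added example. Function names are illustrative; <interface>, <hostname> and
# <portnumber> are the placeholders used in the answer.

# Build the libpcap capture filter for one peer and one TCP port.
capture_filter() {
    local host=$1 port=$2
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf 'host %s and tcp port %s' "$host" "$port"
}

# Wireshark 3.0 renamed the "ssl" dissector to "tls"; ask the local tshark
# which name it knows so the filter works on old and new builds.
tls_proto_name() {
    if tshark -G protocols 2>/dev/null | cut -f3 | grep -qx tls; then
        echo tls
    else
        echo ssl
    fi
}

# Step 1: capture to a file. Reproduce the failed handshake, then press Ctrl-C.
# usage: capture_handshake <interface> <hostname> <portnumber> <outfile>
capture_handshake() {
    local filter
    filter=$(capture_filter "$2" "$3") || return 1
    tshark -i "$1" -f "$filter" -w "$4"
}

# Step 2: decode only the handshake and alert records as text.
# -d forces TLS dissection on a non-standard port, -Y keeps the relevant
# frames, -O expands the TLS layer only and summarises the other layers.
# usage: dump_handshake <pcapfile> <portnumber> > handshake.txt
dump_handshake() {
    local proto
    proto=$(tls_proto_name)
    tshark -r "$1" -d "tcp.port==$2,$proto" \
        -Y "$proto.handshake || $proto.alert_message" -O "$proto"
}
```

Live capture in step 1 normally needs root or capture privileges; step 2 only reads the file and can be run as an ordinary user.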