Honeypots mailing list archives
Re: Snort and SSL
From: Jose Nazario <jose () monkey org>
Date: Mon, 23 Dec 2002 19:39:24 -0500 (EST)
On Mon, 23 Dec 2002, TageTora wrote:
> Does someone know a better solution to set IDS + SSL in a unique control machine?
ssldump, pass the captured packets to snort.

http://www.rtfm.com/ssldump/

if you control one of the endpoints, you should be ok:

  ssldump is an SSLv3/TLS network protocol analyzer. It identifies TCP connections on the chosen network interface and attempts to interpret them as SSLv3/TLS traffic. When it identifies SSLv3/TLS traffic, it decodes the records and displays them in a textual form to stdout. If provided with the appropriate keying material, it will also decrypt the connections and display the application data traffic.

hope this helps,

___________________________
jose nazario, ph.d. jose () monkey org
http://www.monkey.org/~jose/
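An added illustration, not part of the original message and not ssldump's own code: a minimal Python sketch of the record-layer decoding the quoted description refers to, run over a constructed byte stream. It shows what a sensor can read without keying material: record and handshake types in the clear, then only ciphertext lengths once ChangeCipherSpec has been sent. The names `decode_records`, `rec`, `hs` and `SAMPLE` are assumptions made for this example.

```python
import struct

# Record-layer content types and handshake message types (SSLv3 / TLS 1.0-1.2).
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "application_data"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             12: "ServerKeyExchange", 14: "ServerHelloDone",
             16: "ClientKeyExchange", 20: "Finished"}

def decode_records(stream):
    """Decode one direction of a reassembled TCP stream into record summaries."""
    out, off, encrypted = [], 0, False
    while off + 5 <= len(stream):
        # 5-byte record header: type, version major/minor, body length.
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if ctype not in CONTENT or major != 3:
            raise ValueError("not SSLv3/TLS at offset %d" % off)
        body = stream[off + 5:off + 5 + length]
        if len(body) < length:
            break                      # truncated record: need more TCP payload
        off += 5 + length
        if encrypted or ctype == 23:
            # Without the session keys the body is opaque ciphertext.
            out.append("%s (encrypted, %d bytes)" % (CONTENT[ctype], length))
        elif ctype == 20:
            out.append("ChangeCipherSpec")
            encrypted = True           # every later record in this direction is ciphered
        elif ctype == 22:
            pos = 0                    # one record may carry several handshake messages
            while pos + 4 <= len(body):
                mlen = int.from_bytes(body[pos + 1:pos + 4], "big")
                out.append("Handshake " + HANDSHAKE.get(body[pos], "type %d" % body[pos]))
                pos += 4 + mlen
        else:
            out.append(CONTENT[ctype])
    return out

def rec(ctype, body):                  # build a constructed TLS 1.0 record
    return struct.pack("!BBBH", ctype, 3, 1, len(body)) + body

def hs(htype, body):                   # build a constructed handshake message
    return bytes([htype]) + len(body).to_bytes(3, "big") + body

# Constructed client-to-server stream with dummy bodies, not a real capture.
SAMPLE = (rec(22, hs(1, b"\x00" * 40)) + rec(22, hs(16, b"\x00" * 130)) +
          rec(20, b"\x01") + rec(22, b"\xaa" * 40) + rec(23, b"\xbb" * 64))

if __name__ == "__main__":
    for line in decode_records(SAMPLE):
        print(line)
```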