I am using ssldump in the terminal to capture SSL handshake data, with the following command
sudo ssldump -i enp0s8 -a -A -H -n -x > new_trace
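to write the output to a single file. The current output is similar to the output quoted below. The part relevant to my problem is that whenever a new connection comes in, a new line like the following appears: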
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
What I want is to capture the output of ssldump in a separate file for each connection. Is this possible? For example, can I somehow create a new file every time I see the string New TCP connection?
New TCP connection #1: 192.168.33.1(57378) <-> 192.168.33.10(443)
1 1 0.0006 (0.0006) C>SV3.1(512) Handshake
ClientHello
Version 3.3
random[32]=
b4 b0 59 7b bb 3c aa e1 04 50 17 bd 8a 71 f0 30
54 ed 7f 4c 83 de b3 48 9b 32 9d 0b a3 5d 2a 0c
resume [32]=
8a b5 d0 1f 2d b3 f0 c5 7a 19 b9 f3 b8 b4 f2 f5
7c a2 fc 92 29 ee 63 dc a3 ca fa 1f 31 45 6c 69
cipher suites
Unknown value 0xbaba
Unknown value 0x1301
Unknown value 0x1302
Unknown value 0x1303
Unknown value 0xc02b
Unknown value 0xc02f
Unknown value 0xc02c
Unknown value 0xc030
Unknown value 0xcca9
Unknown value 0xcca8
Unknown value 0xc013
Unknown value 0xc014
Unknown value 0x9c
Unknown value 0x9d
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
compression methods
NULL
Packet data[517]=
1 2 0.0028 (0.0021) S>CV3.3(84) Handshake
ServerHello
Version 3.3
random[32]=
67 47 65 0a c8 d5 96 78 22 16 2f 5e 68 e2 2f 67
51 17 37 e7 e7 0a ce 06 10 1b 6d 63 5d c6 0c 0b
session_id[0]=
cipherSuite Unknown value 0xc030
compressionMethod NULL
Packet data[89]=
1 3 0.0028 (0.0000) S>CV3.3(934) Handshake
Certificate
Packet data[939]=
1 4 0.0028 (0.0000) S>CV3.3(300) Handshake
ServerKeyExchange
Packet data[305]=
1 5 0.0028 (0.0000) S>CV3.3(4) Handshake
ServerHelloDone
Packet data[9]=
16 03 03 00 04 0e 00 00 00
1 6 0.0038 (0.0009) C>SV3.3(37) Handshake
ClientKeyExchange
Packet data[42]=
16 03 03 00 25 10 00 00 21 20 c2 34 95 bd d9 fa
fe 7a 52 aa 4c 44 4b f6 f0 b1 4a be f7 c7 68 6c
e8 75 17 9b ed cc ec b7 5c 11
1 7 0.0038 (0.0000) C>SV3.3(1) ChangeCipherSpec
Packet data[6]=
14 03 03 00 01 01
1 8 0.0038 (0.0000) C>SV3.3(40) Handshake
Packet data[45]=
16 03 03 00 28 00 00 00 00 00 00 00 00 c3 98 a8
28 a6 35 4f 20 e8 e2 ca ee fb d6 58 95 ca 31 ea
86 5c c2 04 6c 35 d9 ba bd a0 27 fa 8a
1 0.0040 (0.0002) C>S TCP FIN
1 9 0.0045 (0.0005) S>CV3.3(218) Handshake
Packet data[223]=
1 10 0.0045 (0.0000) S>CV3.3(1) ChangeCipherSpec
Packet data[6]=
14 03 03 00 01 01
1 11 0.0045 (0.0000) S>CV3.3(40) Handshake
Packet data[45]=
16 03 03 00 28 1f 9d ba 7d 2f 5e b5 b2 65 eb 93
85 64 58 29 17 a0 23 8d d0 db ab 99 be ab d4 e7
f8 6c 0b 0d f6 0e 6d 1f d6 d4 e4 1d 5d
1 0.0047 (0.0001) S>C TCP FIN
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
Answer 1
You can use csplit to split the output into separate files.
sudo ssldump -i enp0s8 -a -A -H -n -x | csplit - '/^New TCP connection/' '{*}'
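This will split the input into up to 100 files named xx00 through xx99.
You can set the xx prefix (the default) to something else with the --prefix=somethingelse option.
You can use --digits=X to set the number of digits used for counting the files (the default is 2).
You can use the --keep-files option if the generated files are deleted when you stop the process (csplit may interpret the interrupt as a failure).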
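
Added example, not part of the original answer: csplit cuts only at each "New TCP connection" line, so when connections overlap their records land in whichever file is open at that moment. Each ssldump record header starts with its connection number, so this sketch routes every record by that number instead. The function names, the conn-NNNNN.txt file names and the sample trace are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): write each ssldump
# connection to its own file, keyed by the connection number.

# split_ssldump OUTDIR: reads ssldump text on stdin. OUTDIR should be new or
# empty, because files are opened in append mode.
split_ssldump() (
    umask 077                      # traces may hold session data: keep private
    mkdir -p "$1" || exit 1
    awk -v dir="$1" '
        function switch_to(id,   f) {
            f = sprintf("%s/conn-%05d.txt", dir, id)
            if (f != cur) { if (cur != "") close(cur); cur = f }
        }
        # "New TCP connection #N: ..." announces connection N.
        /^New TCP connection #[0-9]+:/ {
            id = $4; gsub(/[#:]/, "", id); switch_to(id)
        }
        # Record headers lead with the connection number:
        #   "N R time (delta) C>S ..."  or  "N time (delta) C>S TCP FIN"
        /^[0-9]+ ([0-9]+ )?[0-9]+\.[0-9]+ \([0-9]+\.[0-9]+\)/ { switch_to($1) }
        # Any other line (decoded fields, hex) continues the current record.
        cur != "" { print >> cur }
    '
)

# Constructed sample: two connections whose records interleave.
sample_trace() {
    cat <<'EOF'
New TCP connection #1: 192.168.33.1(57378) <-> 192.168.33.10(443)
1 1 0.0006 (0.0006) C>S V3.1(512) Handshake
      ClientHello
New TCP connection #2: 192.168.33.1(57380) <-> 192.168.33.10(443)
2 1 0.0005 (0.0005) C>S V3.1(512) Handshake
      ClientHello
1 2 0.0028 (0.0021) S>C V3.3(84) Handshake
      ServerHello
1 0.0047 (0.0001) S>C TCP FIN
2 0.0050 (0.0002) C>S TCP FIN
EOF
}
```

With a live capture the call would be sudo ssldump -i enp0s8 -a -A -H -n -x | split_ssldump traces, where traces is a new directory.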