
Sniffing SSL Transactions on CSS

a.veschak
Level 1

Is it possible to sniff SSL encrypted traffic on the CSS? Our config has encrypted user traffic coming in to the CSS on port 443, being unencrypted by the SSL module, then reencrypted and sent out to the backend server on port 443. Are there any debug or snoop commands I can run on the CSS to view the encrypt/decrypt transactions and capture the clear text data?

1 Accepted Solution


Gilles Dufour
Cisco Employee

There is no way to see this info directly from the CSS.

You'll need to use tools like SSLDUMP as mentioned in another post.

Gilles.


3 Replies

alejrodr
Cisco Employee

You can sniff the SSL traffic coming in and heading out of the CSS with a regular sniffer application such as Ethereal or Wireshark. Be sure to save the file in .cap format.

Using a tool such as SSLDUMP along with OPENSSL, you can use your CSS's private key to decrypt the secure traffic. Only with the private key and certificate will you be able to decrypt the payload of the SSL traffic.

http://www.rtfm.com/ssldump/

Thanks for the reply, alejrodr... but I guess I need to clarify exactly what I am trying to do.

I am wondering if there is a way to be on the CSS remotely and issue some commands (debugs?) that would enable me to view the entire process of the traffic flow from entry to exit as it is being processed by the SSL module. Basically, is there a command I can run on the CSS that will dump all SSL module transaction data either onto the screen or into a file on the disk?

