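ssldump is a command that can analyze the contents of SSL/TLS packets.
This article explains how to install ssldump on RedHat 8.
Download
An rpm package is available, so downloading and installing it is the easiest route.
■ To download the tar.gz file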
ssldump home page
http://ssldump.sourceforge.net/
■ To download the rpm package from pkg.org
CentOS7
https://centos.pkgs.org/7/epel-x86_64/ssldump-0.9-0.9.b3.el7.x86_64.rpm.html
CentOS8
https://centos.pkgs.org/8/forensics-x86_64/ssldump-0.9-0.9.b3.el8.x86_64.rpm.html
Download the cert-forensics repository (rpm package) with the wget command.
[root@ip-172-31-20-12 ~]# wget https://forensics.cert.org/cert-forensics-tools-release-el8.rpm
--2020-04-19 00:11:35-- https://forensics.cert.org/cert-forensics-tools-release-el8.rpm
Resolving forensics.cert.org (forensics.cert.org)... 192.88.209.7
Connecting to forensics.cert.org (forensics.cert.org)|192.88.209.7|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 17664 (17K) [application/x-rpm]
Saving to: ‘cert-forensics-tools-release-el8.rpm’
cert-forensics-tool 100%[===================>] 17.25K 97.7KB/s in 0.2s
2020-04-19 00:11:36 (97.7 KB/s) - ‘cert-forensics-tools-release-el8.rpm’ saved [17664/17664]
[root@ip-172-31-20-12 ~]#
Install the cert-forensics repository.
[root@ip-172-31-20-12 ~]# yum install cert-forensics-tools-release-el8.rpm
Last metadata expiration check: 0:01:11 ago on Sun 19 Apr 2020 12:10:40 AM UTC.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
cert-forensics-tools-release noarch 8-15 @commandline 17 k
Transaction Summary
================================================================================
Install 1 Package
Total size: 17 k
Installed size: 13 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : cert-forensics-tools-release-8-15.noarch 1/1
Verifying : cert-forensics-tools-release-8-15.noarch 1/1
Installed:
cert-forensics-tools-release-8-15.noarch
Complete!
[root@ip-172-31-20-12 ~]#
Install ssldump using the cert-forensics repository.
[root@ip-172-31-20-12 ~]# dnf --enablerepo=forensics install ssldump
CERT Forensics Tools Repository 57 kB/s | 434 kB 00:07
CERT Forensics Tools Repository - Splunk 40 kB/s | 241 kB 00:05
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
ssldump x86_64 0.9-0.9.b3.el8 forensics 49 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 49 k
Installed size: 119 k
Is this ok [y/N]: y
Downloading Packages:
ssldump-0.9-0.9.b3.el8.x86_64.rpm 18 kB/s | 49 kB 00:02
--------------------------------------------------------------------------------
Total 18 kB/s | 49 kB 00:02
warning: /var/cache/dnf/forensics-45ed43063d97ebe6/packages/ssldump-0.9-0.9.b3.el8.x86_64.rpm: Header V4 RSA/SHA1 Signature, key ID 87e360b8: NOKEY
CERT Forensics Tools Repository 2.3 MB/s | 2.4 kB 00:00
Importing GPG key 0x87E360B8:
Userid : "CERT Forensics Operations and Investivations Team <forensics@cert.org>"
Fingerprint: 26A0 829D 5C01 FC51 C304 9037 E97F 3E0A 87E3 60B8
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-cert-forensics-2022-04-03
Is this ok [y/N]: y
Key imported successfully
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : ssldump-0.9-0.9.b3.el8.x86_64 1/1
Running scriptlet: ssldump-0.9-0.9.b3.el8.x86_64 1/1
Verifying : ssldump-0.9-0.9.b3.el8.x86_64 1/1
Installed:
ssldump-0.9-0.9.b3.el8.x86_64
Complete!
[root@ip-172-31-20-12 ~]#
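The dnf transcript above imports the repository's GPG key at an interactive prompt. The following script is an added example, not part of the original article: it compares the fingerprint of a key file with a value obtained from a trusted channel before you answer "y". The function names are hypothetical, and it assumes a gpg version that supports --show-keys.

```bash
#!/bin/bash
# Added example: check a repo signing key's fingerprint against a value
# obtained out of band, before accepting dnf's "Importing GPG key" prompt.

# Strip whitespace and upper-case, so "26A0 829D ..." and "26a0829d..." compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# fpr_matches EXPECTED ACTUAL
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED is not a full 40-hex
# fingerprint (short key IDs such as 87E360B8 are refused on purpose).
fpr_matches() {
    _exp=$(normalize_fpr "$1")
    _act=$(normalize_fpr "$2")
    case "$_exp" in *[!0-9A-F]*|"") return 2 ;; esac
    [ "${#_exp}" -eq 40 ] || return 2
    [ "$_exp" = "$_act" ]
}

# verify_key_file KEYFILE EXPECTED_FPR
verify_key_file() {
    _found=$(gpg --show-keys --with-colons --with-fingerprint "$1" | fpr_from_colons) || return 2
    if fpr_matches "$2" "$_found"; then
        echo "OK: $1 fingerprint matches"
    else
        echo "MISMATCH: $1 has fingerprint ${_found:-<none>}" >&2
        return 1
    fi
}

# Usage: script.sh KEYFILE "EXPECTED FINGERPRINT"
if [ "$#" -eq 2 ]; then
    verify_key_file "$1" "$2"
fi
```

Run it with the key path dnf prints in the "From" line and the fingerprint you obtained independently; `rpm -K` on the downloaded package then confirms the package signature once the key is imported.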
Verifying the installation
[root@ip-172-31-20-12 ~]# ssldump -v
ssldump 0.9b3
Copyright (C) 1998-2001 RTFM, Inc.
All rights reserved.
[root@ip-172-31-20-12 ~]#