The pcapng file dumped with "-w" does not show plaintext #254

Closed
robbietu opened this issue Nov 1, 2022 · 2 comments

robbietu commented Nov 1, 2022

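Environment
centos 8.2
kernel version 4.18.0-193.el8.x86_64

Problem and reproduction steps

  1. Run `./ecapture tls`
  2. On the server, run `curl https://www.baidu.com`
  3. The plaintext HTTPS messages are printed
  4. Switch to pcapng dump mode by changing the command to `./ecapture tls -i ens192 -w 1.pcapng --libssl="/lib64/libssl.so.1.1"`; the messages in the pcapng file are not shown in plaintext

I also tried --libssl="/lib64/libssl.so.1.1.1c", --libssl="/usr/lib64/libssl.so.1.1.1c" and --libssl="/usr/lib64/libssl.so.1.1", and still could not get a plaintext pcapng file. These are all symlinks of libssl.so.

The ldd output for curl is attached.

Please help take a look at what the problem is. Thanks a lot!!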

cfc4n (Member) commented Nov 1, 2022

Use `./ecapture tls -i ens192 -w 1.pcapng --libssl="/lib64/libssl.so.1.1" --ssl_version="openssl 1.1.1c"` instead.

It is a bug fixed in #250; will release a new version next weekend.
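
An added example, not part of the original thread and not eCapture's own code: a shell helper that resolves the libssl symlink and reads the version banner from the library file to build the `--ssl_version` value used in the command above. It assumes the library embeds a banner of the form `OpenSSL 1.1.1c  28 May 2019` and that `--ssl_version` takes it lower-cased, as in the maintainer's command; `ssl_version_of` and `ecapture_cmd` are hypothetical names.

```shell
#!/bin/sh
# Added example: derive the --ssl_version value for a given libssl path.
# Assumption: the library file embeds a banner such as
# "OpenSSL 1.1.1c  28 May 2019" (not confirmed by the thread itself).

# Print the lower-cased "openssl <version>" banner found in the library.
ssl_version_of() {
    lib=$1
    # Follow symlinks (e.g. libssl.so.1.1 -> libssl.so.1.1.1c) to the real file.
    real=$(readlink -f -- "$lib") || return 1
    [ -f "$real" ] || { echo "not a regular file: $lib" >&2; return 1; }
    # -a: read the binary as text; -o: print only the match; keep the first hit.
    banner=$(LC_ALL=C grep -a -o -E 'OpenSSL [0-9]+\.[0-9]+\.[0-9]+[a-z]*' "$real" | head -n 1)
    [ -n "$banner" ] || { echo "no OpenSSL banner in $real" >&2; return 1; }
    printf '%s\n' "$banner" | tr 'A-Z' 'a-z'
}

# Print the command from the thread for: <interface> <pcapng file> <libssl path>.
ecapture_cmd() {
    ver=$(ssl_version_of "$3") || return 1
    printf './ecapture tls -i %s -w %s --libssl="%s" --ssl_version="%s"\n' \
        "$1" "$2" "$3" "$ver"
}

if [ "$#" -eq 3 ]; then
    ecapture_cmd "$@"
else
    # Demo on a constructed stand-in file (not a real library).
    d=$(mktemp -d)
    printf 'x\000OpenSSL 1.1.1c  28 May 2019\000' > "$d/libssl.so.1.1.1c"
    ln -s libssl.so.1.1.1c "$d/libssl.so.1.1"
    ecapture_cmd ens192 1.pcapng "$d/libssl.so.1.1"
    rm -rf "$d"
fi
```

Run it with three arguments (interface, output file, libssl path) to print the command for the library actually installed on the host.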

robbietu (Author) commented Nov 2, 2022

It works with this command.

robbietu closed this as completed Nov 2, 2022