DTrace script to collect information about cipher suites used

Here is a script I have to trace SSL calls. Run it against the pid of a Web Server instance (32-bit); in our case the pid is 9149. Then send some SSL requests to this server.

There are two ways to run it: log=normal and log=verbose. Pressing Control-C prints the statistical data.

$./ssltop.d 9149 log=normal
t@26: 2008 Oct 30 16:50:56: 129.158.224.109 Connection created
t@26: 2008 Oct 30 16:50:56: ListenSocket::accept called
t@30: 2008 Oct 30 16:50:56: 129.158.224.109 Negotiated cipher RC4
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@26: 2008 Oct 30 16:51:06: 129.158.224.109 Connection created
t@26: 2008 Oct 30 16:51:06: ListenSocket::accept called
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@33: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
t@30: 2008 Oct 30 16:51:06: 129.158.224.109 Negotiated cipher AES-256
^C
SSL Functions Called
--------------------
count      Function
SSL Ciphers used
--------------------
count      cipher suite
1          RC4
13         AES-256
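
The summary above counts ciphers for the whole run; to see which client negotiated which cipher, the per-line output can be post-processed. The following is an added example, not part of ssltop.d or the original post: it parses saved log=normal output and reports clients that negotiated a cipher on a local deny list. The sample lines, their addresses and the WEAK_CIPHERS list are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Line shape taken from the log=normal output above, e.g.
#   t@30: 2008 Oct 30 16:50:56: <client-ip> Negotiated cipher RC4
NEGOTIATED = re.compile(
    r"^t@(?P<tid>\d+): (?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}): "
    r"(?P<client>\S+) Negotiated cipher (?P<cipher>\S+)\s*$"
)

# Assumption: local policy list. RC4 is prohibited for TLS by RFC 7465.
WEAK_CIPHERS = {"RC4"}

def tally(lines):
    """Return (per-cipher totals, per-client cipher counts)."""
    totals = Counter()
    per_client = defaultdict(Counter)
    for line in lines:
        m = NEGOTIATED.match(line.strip())
        if not m:
            continue  # accept/connection lines, verbose "Entered ..." lines, summary rows
        totals[m["cipher"]] += 1
        per_client[m["client"]][m["cipher"]] += 1
    return totals, per_client

def weak_clients(per_client, weak=WEAK_CIPHERS):
    """Map client -> {weak cipher: count} for clients that negotiated one."""
    out = {}
    for client, ciphers in per_client.items():
        hits = {c: n for c, n in ciphers.items() if c in weak}
        if hits:
            out[client] = hits
    return out

# Constructed sample in the script's output format (documentation-range addresses).
SAMPLE = """\
t@26: 2008 Oct 30 16:50:56: 192.0.2.10 Connection created
t@26: 2008 Oct 30 16:50:56: ListenSocket::accept called
t@30: 2008 Oct 30 16:50:56: 192.0.2.10 Negotiated cipher RC4
t@33: 2008 Oct 30 16:51:06: 198.51.100.7 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:51:06: 198.51.100.7 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
1          RC4
"""

if __name__ == "__main__":
    totals, per_client = tally(SAMPLE.splitlines())
    for cipher, n in totals.most_common():
        print(f"{n:<10} {cipher}")
    for client, hits in weak_clients(per_client).items():
        print(f"weak cipher negotiated by {client}: {hits}")
```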

Running in verbose mode gives more information:

$./ssltop.d 9149 log=verbose
t@32: 2008 Oct 30 16:50:13: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:13: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:13: Entered ssl3_GatherData ...
t@35: 2008 Oct 30 16:50:13: Entered ssl3_GatherAppDataRecord ...
t@35: 2008 Oct 30 16:50:13: Entered ssl3_GatherCompleteHandshake ...
t@35: 2008 Oct 30 16:50:13: Entered ssl3_GatherData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@35: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@35: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@32: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_HandleRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@35: 2008 Oct 30 16:50:14: 129.158.224.109 Negotiated cipher AES-256
t@35: 2008 Oct 30 16:50:14: Entered ssl3_SendApplicationData ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_SendRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ClientAuthTokenPresent ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_CompressMACEncryptRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_ComputeRecordMAC ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_BumpSequenceNumber ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherAppDataRecord ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherCompleteHandshake ...
t@35: 2008 Oct 30 16:50:14: Entered ssl3_GatherData ...
^C
SSL Functions Called
--------------------
count      Function
13         ssl3_HandleRecord
15         ssl3_CompressMACEncryptRecord
15         ssl3_GatherAppDataRecord
15         ssl3_GatherCompleteHandshake
15         ssl3_GatherData
15         ssl3_SendApplicationData
15         ssl3_SendRecord
28         ssl3_BumpSequenceNumber
28         ssl3_ClientAuthTokenPresent
28         ssl3_ComputeRecordMAC
SSL Ciphers used
--------------------
count      cipher suite
13         AES-256

Comments:

This'll be useful for some of the cipher suite usage questions, cool.

Posted by Jyri on October 24, 2008 at 01:11 PM IST #

About

Meena Vyas