Description: Revise ssldump.1 for correctness and completeness
Author: Simon Law <sfllaw@engmail.uwaterloo.ca>
@@ -61,12 +61,9 @@ ssldump \- dump SSL traffic on a network
@@ -81,6 +78,16 @@ ssldump \- dump SSL traffic on a network
+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]
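Review bot: in the added ".RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|]" line, .RI sets crypto, d, ht, H and nroff in italics, which man-page convention reserves for replaceable arguments. If these are literal keywords the user types, .RB would render them bold like other literals. Please also check that each of the five values is described in the options text, since the lines shown in this patch do not explain them.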
@@ -125,6 +132,7 @@ any user may run
You must have read access to
Print bare TCP ACKs (useful for observing Nagle behavior)
@@ -135,7 +143,7 @@ the most interesting fields)
Display the application data traffic. This usually means
decrypting it, but when -d is used ssldump will also decode
-application data traffic _before_ the SSL session initiates.
+application data traffic \fIbefore\fP the SSL session initiates.
This allows you to see HTTPS CONNECT behavior as well as
SMTP STARTTLS. As a side effect, since ssldump can't tell
whether plaintext is traffic before the initiation of an
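Review bot: the paragraph touched here still spells the option as a bare "-d" ("but when -d is used ssldump will also decode"), although the NAME line already uses the escaped "\-". Since the italic markup is being corrected in the same paragraph, consider writing "\-d" (and "\-X" in the neighbouring "See also -X.") so the options render as an ASCII minus that can be copied onto a command line.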
@@ -148,18 +156,9 @@ dumps. See also -X.
Print absolute timestamps instead of relative timestamps
-Read data from \fIfile\fP instead of from the network.
-The old -f option still works but is deprecated and will
-probably be removed with the next version.
Print the full SSL packet header.
-Use \fIkeyfile\fP as the location of the SSL keyfile (OpenSSL format)
-Previous versions of ssldump automatically looked in ./server.pem.
-Now you must specify your keyfile every time.
Don't try to resolve host names from IP addresses
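Review bot: the removed lines here take out two behavioural notes along with the option text: that the old -f option is deprecated, and that ssldump no longer looks in ./server.pem automatically ("Now you must specify your keyfile every time."). Only the removal is visible in this hunk, so please confirm that wherever the file and keyfile options are now documented, both statements carry over. The keyfile note matters to anyone who relied on the old default when decrypting.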
@@ -176,6 +175,12 @@ Don't put the interface into promiscuous
Don't decode any record fields beyond a single summary line. (quiet mode).
+Display version and copyright information.
Print each record in hex, as well as decoding it.
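Review bot: the context line next to the added version text, "Don't decode any record fields beyond a single summary line. (quiet mode).", has a stray full stop before the parenthesis. As this revision is a correctness pass over the page, it would be worth folding that into "... a single summary line (quiet mode)." in the same change.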
@@ -183,13 +188,48 @@ Print each record in hex, as well as dec
When the -d option is used, binary data is automatically printed
in two columns with a hex dump on the left and the printable characters
on the right. -X suppresses the display of the printable characters,
-thus making it easier to cut and paste the hext data into some other
+thus making it easier to cut and paste the hex data into some other