casa-mp-base

Description: Revise ssldump.1 for correctness and completeness

Author: Simon Law <sfllaw@engmail.uwaterloo.ca>

--- ssldump.1

+++ ssldump.1

@@ -61,12 +61,9 @@ ssldump \- dump SSL traffic on a network

 .na

 .B ssldump

 [

-.B \-vtaTnsAxXhHVNdq

+.B \-vTshVq

+.B \-aAdeHnNqTxXvy

 ] [

-.B \-r

-.I dumpfile

-]

-[

 .B \-i

 .I interface

 ]

@@ -81,6 +78,16 @@ ssldump \- dump SSL traffic on a network

 .I password

 ]

 [

+.B \-r

+.I dumpfile

+]

+.br

+.ti +8

+[ 

+.B \-S 

+.RI [\| crypto \||\| d \||\| ht \||\| H \||\| nroff \|] 

+]

+[

 .I expression

 ]

 .br

@@ -125,6 +132,7 @@ any user may run

 You must have read access to

 .IR /dev/bpf* .

 .SH OPTIONS

+.TP

 .B \-a

 Print bare TCP ACKs (useful for observing Nagle behavior)

 .TP

@@ -135,7 +143,7 @@ the most interesting fields)

 .B \-d

 Display the application data traffic. This usually means

 decrypting it, but when -d is used ssldump will also decode

-application data traffic _before_ the SSL session initiates.

+application data traffic \fIbefore\fP the SSL session initiates.

 This allows you to see HTTPS CONNECT behavior as well as

 SMTP STARTTLS. As a side effect, since ssldump can't tell

 whether plaintext is traffic before the initiation of an

@@ -148,18 +156,9 @@ dumps. See also -X.

 .B \-e

 Print absolute timestamps instead of relative timestamps

 .TP

-.B \-r

-Read data from \fIfile\fP instead of from the network.

-The old -f option still works but is deprecated and will 

-probably be removed with the next version.

 .B \-H

 Print the full SSL packet header.