NAME

       sslsnoop.bt - Show SSL/TLS handshake events. Uses bpftrace/eBPF.

SYNOPSIS

       sslsnoop.bt

DESCRIPTION

       sslsnoop  traces OpenSSL handshake functions, and shows latency and return value. This can
       be used to analyze SSL/TLS performance.

       This tool works by dynamic tracing the uprobes in OpenSSL and related crypto libs, and may
       need updating to match future changes to these functions.

       Since this uses BPF, only the root user can use this tool.

REQUIREMENTS

       CONFIG_BPF and bpftrace.

EXAMPLES

       Trace SSL/TLS handshake events, printing per-line summaries:
              # sslsnoop.bt

FIELDS

       TIME(us)
              Time of the call completion, in microseconds since program start.

       TID    Thread ID.

       COMM   Process name.

       LAT(us)
              Latency of the call, in microseconds.

       RET    Return value of the call.

       FUNC   Function name.

OVERHEAD

       SSL/TLS handshake usually contains network latency and the traced crypto functions are CPU
       intensive tasks, so call frequency should be low and the overhead of this tool is expected
       to be negligible.

SOURCE

       This is from bpftrace.

              https://github.com/iovisor/bpftrace

       Also  look  in  the  bpftrace  distribution  for a companion _examples.txt file containing
       example usage, output, and commentary for this tool.

       There is a bcc tool sslsniff that can show SSL/TLS handshake event latency before sniffing
       the  plaintext  in  SSL_read/write.  This  tool  provides  more  detailed  crypto  latency
       distribution during the handshake event.

              https://github.com/iovisor/bcc

OS

       Linux

STABILITY

       Unstable - in development.

AUTHOR

       Tao Xu

SEE ALSO

       biosnoop.bt(8)