Provided by: bpftrace_0.21.2-2ubuntu3_amd64 bug

NAME
       sslsnoop.bt - Show SSL/TLS handshake events. Uses bpftrace/eBPF.


SYNOPSIS
       sslsnoop.bt


DESCRIPTION
       sslsnoop  traces  OpenSSL  handshake  functions,  and shows latency and return value. This can be used to
       analyze SSL/TLS performance.

       This tool works by dynamic tracing the uprobes in OpenSSL and related crypto libs, and may need  updating
       to match future changes to these functions.

       Since this uses BPF, only the root user can use this tool.


REQUIREMENTS
       CONFIG_BPF and bpftrace.


EXAMPLES
       Trace SSL/TLS handshake events, printing per-line summaries:
              # sslsnoop.bt


FIELDS
       TIME(us)
              Time of the call completion, in microseconds since program start.

       TID    Thread ID.

       COMM   Process name.

       LAT(us)
              Latency of the call, in microseconds.

       RET    Return value of the call.

       FUNC   Function name.


OVERHEAD
       SSL/TLS  handshake  usually  contains  network  latency and the traced crypto functions are CPU intensive
       tasks, so call frequency should be low and the overhead of this tool is expected to be negligible.


SOURCE
       This is from bpftrace.

              https://github.com/bpftrace/bpftrace

       Also look in the bpftrace distribution for a  companion  _examples.txt  file  containing  example  usage,
       output, and commentary for this tool.

       There  is a bcc tool sslsniff that can show SSL/TLS handshake event latency before sniffing the plaintext
       in SSL_read/write. This tool provides more detailed crypto  latency  distribution  during  the  handshake
       event.

              https://github.com/iovisor/bcc


OS
       Linux


STABILITY
       Unstable - in development.


AUTHOR
       Tao Xu


SEE ALSO
       biosnoop.bt(8)

USER COMMANDS                                      2021-12-28                                     sslsnoop.bt(8)