Logs from Unsniff:
To brief:
1. The SSL is V3 and uses a cert request for getting the client certificate.
2. The initial handshake itself carries the certificate request from the server.
3. All the pages are client authenticated.
4. IE 6.0 is used as a client.
5. An Apache server is used and the settings are such that all pages are client authenticated. It never uses the HelloRequest type of handshake.
! 01-30-2008 14:07:53 00000f4c 010b8418 XML Plugin C:\Program Files\Unleash Networks\Unsniff\xmlplugs\T35CountryCodes.xml : Skipping non-protocol plugin, no <USNFProtocol> tag
! 01-30-2008 14:07:53 00000fe0 00000000 IntelliDNS Started & Waiting for Requests
! 01-30-2008 14:07:59 00000f4c 010b8418 [?UNK?] XML ID: Using XML document from URI C:\Program Files\Unleash Networks\Unsniff\xmlplugs\X509v3.xml
! 01-30-2008 14:07:59 00000f4c 010b8418 Found 1 adapters
! 01-30-2008 14:07:59 00000f4c 010b8418 Choosing 0 as active adapter
! 01-30-2008 14:07:59 00000f4c 010b8418 Created new capture file
! 01-30-2008 14:08:01 00000f4c 010e3840 Started capture on selected interface
! 01-30-2008 14:08:01 00000f4c 010e3840 Unsniff will flush a copy of all packets to log/TRCTCPD.9404390
! 01-30-2008 14:08:01 00000f50 00000000 Staring capture from \Device\NPF_{C25E0E1E-31F2-458C-A6AD-92726EBFBE0C}
+ 01-30-2008 14:08:04 00000f4c 010e3840 [TLS] XML Fld: XML URI tls.xml not found in C:\Program Files\Unleash Networks\Unsniff, will search elsewhere
+ 01-30-2008 14:08:04 00000f4c 010e3840 [TLS] [0x8004040d] XML Fld Def: XML URI tls.xml, not found in C:\Documents and Settings\user\Application Data\Unleash Networks\Unsniff\Cfg\tls.xml
! 01-30-2008 14:08:04 00000f4c 010e3840 [TLS] XML Fld Def: Using XML document from dir C:\Program Files\Unleash Networks\Unsniff\Cfg\tls.xml
! 01-30-2008 14:08:04 00000f4c 010e3840 [PLUG] Perf: Time to load field defs from XML [0 sec: 44352 usec]
+ 01-30-2008 14:08:06 00000f4c 010e3840 [TLS] Security parameters not available for decryption
! 01-30-2008 14:08:07 00000f4c 010e3840 nTotal = 7856, nTotalConv = 7672, bps = 20456
! 01-30-2008 14:08:07 00000f4c 010e3840 nTotal = 7856, nTotalConv = 184, bps = 488
! 01-30-2008 14:08:10 00000f4c 010e3840 nTotal = 277878, nTotalConv = 277786, bps = 740760
! 01-30-2008 14:08:10 00000f4c 010e3840 nTotal = 277878, nTotalConv = 92, bps = 240