EUEM - How to see what monitored traffic is using TLS version 1, 2 or 3?

Version 1
    Share:|

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    BMC Real End User Experience Monitoring - Software Edition


    COMPONENT:

    Cloud Probe


    APPLIES TO:

    Real User Cloud Probe versions 10.0 and later



    PROBLEM:

     

    The monitored traffic is encrypted with different versions of TLS/SSL. How to see which server IP address is using which version of TLS ?
    The Real User Collector's Reference lists on SSL Version shows only the count for each SSL version.

     


    SOLUTION:

     

    There is no historical record of the server IP addresses that correspond to each TLS/SSL version used. The Real User Cloud Probe only keeps track of a count for each version.

    A workaround is to run a tcpdump on the system where the Cloud Probe is deployed. Using a tool like Wireshark on the capture file with a filter looking for the SSL handshake can reveal the version of SSL used.

     


    Article Number:

    000167109


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles