-h Print usage message.
-p PID Trace only functions in this process PID.
-u UID Trace only calls made by this UID.
-x Show extra fields: UID and TID.
-c COMM Show only processes that match this COMM exactly.
-o, --no-openssl Do not trace OpenSSL functions.
-g, --no-gnutls Do not trace GnuTLS functions.
-n, --no-nss Do not trace GnuTLS functions.
--hexdump Show data as hexdump instead of trying to decode it as UTF-8
--max-buffer-size SIZE Sets maximum buffer size of intercepted data. Longer values would be truncated. Default value is 8 Kib, maximum possible value is a bit less than 32 Kib.
-l, --latency Show function latency in ms.
--handshake Show handshake latency, enabled only if latency option is on.
--extra-lib EXTRA_LIB Consist type of the library and library path separated by colon. Supported library types are: openssl, gnutls, nss. Can be specified multiple times.
Print all calls to SSL write/send and read/recv system-wide: # sslsniff
Print only OpenSSL calls issued by user with UID 1000 # sslsniff -u 1000 --no-nss --no-gnutls
Print SSL handshake event and latency for all traced functions: # sslsniff -l --handshake
Print only calls to OpenSSL from /some/path/libssl.so sslsniff --no-openssl --no-gnutls --no-nss --extra-lib openssl:/some/path/libssl.so
FUNC Which function is being called (write/send or read/recv)
TIME Time of the command, in seconds.
COMM Entered command.
PID Process ID calling SSL.
LEN Bytes written or read by SSL functions.
UID UID of the process, displayed only if launched with -x.
TID Thread ID, displayed only if launched with -x.
LAT(ms) Function latency in ms.
Also look in the bcc distribution for a companion _examples.txt file containing example usage, output, and commentary for this tool.