Forum Discussion

Anzine321's avatar
Anzine321
Icon for Altocumulus rankAltocumulus
Jan 31, 2025
Solved

Decrypt ssl server

Hi everyone
Is it possible to decrypt ssl server profile?

I want to view data send from server to f5

 

  • Yes, it is possible. If you're on version 15 or higher, you can follow the instructions in the below F5 article:

    https://my.f5.com/manage/s/article/K31793632

    Because you stated that you want to decrypt the traffic on the server-side (i.e. between the BIG-IP and the back-end pool member), you will need to use the "p" flag in your tcpdump command (this is mentioned in the same article).

    An example of the command that I personally most often use is:

    tcpdump -i <VLAN>:p -nn -s0  --f5 ssl "host <CLIENT IP> and port 443" -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap

     

  • Yes, it is possible. If you're on version 15 or higher, you can follow the instructions in the below F5 article:

    https://my.f5.com/manage/s/article/K31793632

    Because you stated that you want to decrypt the traffic on the server-side (i.e. between the BIG-IP and the back-end pool member), you will need to use the "p" flag in your tcpdump command (this is mentioned in the same article).

    An example of the command that I personally most often use is:

    tcpdump -i <VLAN>:p -nn -s0  --f5 ssl "host <CLIENT IP> and port 443" -w /var/tmp/"$HOSTNAME"_"$(date +%d-%m-%y)".pcap