
Mohamed_Ahmed_Kansoh
Jun 23, 2023

Decrypted tcpdump capture without using an iRule using tshark

Hi folks,

I have used this article: https://my.f5.com/manage/s/article/K31793632

Everything works well, and I could decrypt my captures, but using the manual way of collecting the key log pms.

But this way will take too much time to export each key log for each stream, so if I take two samples of key log entries from two different SSL streams and create the pms file, I see that the whole capture is not decrypted. That's expected, because I haven't exported all key log entries in F5 TLS.

In this article there is an automated way to export key log entries by executing one command using the tshark utility.

Unfortunately, this tool doesn't work with BIG-IP bash to export the key log; it needs other UNIX environments.

Is there any direct method to export these key log entries, or to use the tshark utility but not with any Linux/UNIX environment?

Thanks