Forum Discussion

Cirrus

Jul 20, 2022

Decrypting SSL traffic - PMS and egress

Hi - two questions combined. Background - trying to catch and decipher tcpdump both for Client -> VIP and F5-> Pool Members traffic I'm following this tutorial: Decrypt with tcpdump --f5 ssl I ma...

MVP

Jul 20, 2022

Hello, I usually use an iRule to log and collect secrets which I'm attaching. This saves info in plain text in LTM file, eventually you can force log rotation and manually bulk-delete all lines from this iRule in "ltm.1" file when you're done.

To retrieve info and create pms file, run this from bash shell.

sed -e 's/^.*\(RSA Session-ID\)/\1/;tx;d;:x' /var/log/ltm > /var/tmp/sessionsecrets.pms
grep -h -o 'CLIENT_RANDOM.*' /var/log/ltm >> /var/tmp/sessionsecrets.pms

To import PMS file in wireshark,

Edit -> Preferences -> Protocols -> SSL => (Pre)-Master Secret log filename [Browse]

irule_ssl_logger.zip0 KB

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Decrypting SSL traffic - PMS and egress

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

K50557518: Decrypt SSL traffic with the SSLKEYLOGFILE...

fellow traffic

TLS Fingerprinting to profile SSL/TLS clients without decryption

Managing Kubernetes Traffic With F5 NGINX: A Practical Guide

Air Gap Egress Inspection with SSL Intercept iApp Template

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS