Forum Discussion
K2
Nimbostratus
NimbostratusHow do I decrypt pcaps from the selfIP to Pool members for health monitor traffic?
I can apply and irule and decrypt pcaps for a conversation with a cleint to virtual server and the server-side, but cannot find any documentation on how to get the Pre Master Secret keys for a health monitor conversation.
- Paulius
MVP
K2Your best bet is to capture the traffic and save it to a file using the following link.
https://support.f5.com/csp/article/K411
Once you have the file saved then transfer it to your PC/laptop/server and decrypt the traffic using wireshark and the following link.
https://unit42.paloaltonetworks.com/wireshark-tutorial-decrypting-https-traffic/
I don't believe you can really do this any other way that is clean.
boneyardIn general good information, but the question is here how to get that key log file information. For a health monitor you don't really seem to have a way.
You can just do curl with the same content. Else perhaps have a look at the server logs?
Juergen_MangMy TLS decrypt script should also decrypt monitor traffic.
https://community.f5.com/t5/codeshare/decrypting-tls-with-the-tcpdump-sslprovider/ta-p/298680
- K2
I'm running V14.1.5.1, so to the best of my knowledge "sys db tcpdump.sslprovider" is not available. thanks anyway.
- Nikoolayy1
I am not aware of any way but maybe you could enable logging under a pool member and see what you want?
