Forum Discussion
Problems to decrypt with tcpdump --f5 ssl procedure
Hello
We are following the procedure contained in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html. Despite having generated the .pms file without problems, when opening the capture file using Wireshark, we are not able to see the decrypted packets for HTTP.
The command used is below:
tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/<my file.cap> --f5 ssl
The command to generate the keylog file:
tshark -r <my capture>.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog > ./pre_master_log.pms
The pre_master_log.pms file was successfully generated; however, the TLS packets were not converted to HTTP as illustrated in the cited document.
Note that the adjustments described in the document regarding the TLS protocol in Wireshark were made!
Could you please help?
Hello giovannistavale,
Make sure of your version: your F5 appliance must be on version 15.0.0 and later.
Follow this KB for more details: https://support.f5.com/csp/article/K31793632

giovannistavale (Nimbostratus)
Hi Mr. Mohamed! Thank you very much for your attention! I forgot to pass this information... The version we use is 15.1.5.1 Build 0.0.14 and we also read this article, but unfortunately we haven't been successful following this procedure so far.
Okay, let me take a pcap in my lab and follow up with you after that.
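
A sanity check for the generated `pre_master_log.pms` before it is loaded into Wireshark, as an added example that is not part of the thread or of F5's documentation. It assumes the file holds NSS key log format entries (one per line) and treats commas as entry breaks, because tshark's `-Tfields` output joins multiple occurrences of a field in one frame with `,` by default. The function names and sample data are constructed for illustration.

```python
import re

# Labels of the NSS key log format (TLS 1.3 secrets; CLIENT_RANDOM is TLS <= 1.2).
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0", "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET",
}
HEX = re.compile(r"^[0-9a-fA-F]+$")

def check_entry(entry):
    """Return None if entry is a well-formed key log line, else a reason."""
    parts = entry.split()
    if len(parts) != 3:
        return "expected 3 space-separated fields, got %d" % len(parts)
    label, client_random, secret = parts
    if label != "CLIENT_RANDOM" and label not in TLS13_LABELS:
        return "unknown label %r" % label
    if not (HEX.match(client_random) and len(client_random) == 64):
        return "client random is not 32 bytes of hex"
    # TLS <= 1.2 master secret is 48 bytes; TLS 1.3 secrets are 32 or 48.
    allowed = (96,) if label == "CLIENT_RANDOM" else (64, 96)
    if not (HEX.match(secret) and len(secret) in allowed):
        return "secret has unexpected length or non-hex characters"
    return None

def normalize_keylog(text):
    """Split tshark field output into one entry per line and validate each.
    Returns (clean_lines, problems); problems holds (line number, reason)."""
    clean, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        for entry in filter(None, (e.strip() for e in line.split(","))):
            reason = check_entry(entry)
            if reason:
                problems.append((lineno, reason))
            elif entry not in clean:
                clean.append(entry)
    return clean, problems

# Constructed sample, not real key material.
R1, R2 = "ab" * 32, "cd" * 32
SAMPLE = ("CLIENT_RANDOM %s %s\n" % (R1, "11" * 48)
          + "CLIENT_TRAFFIC_SECRET_0 %s %s,SERVER_TRAFFIC_SECRET_0 %s %s\n"
          % (R2, "22" * 32, R2, "33" * 32)
          + "\nCLIENT_RANDOM %s deadbeef\n" % R1)

if __name__ == "__main__":
    print(normalize_keylog(SAMPLE))
```

An empty `clean_lines` result, or a file whose entries all land in `problems`, means Wireshark has no usable secrets for the capture regardless of how the TLS preferences are set.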