Forum Discussion
Jer-O
Apr 19, 2018
Cirrus
I've found it much more useful to do a tcpdump first, then read the pcap file with ssldump. It also gives you more flexibility to analyze the dump with Wireshark as well as convert it through ssldump.
tcpdump -vvnni 0.0:nnnp -s0 host ip_address -w /shared/tmp/file.pcap
This command captures end-to-end packets that can be traced using the F5 plugin for Wireshark.
This is also included in a script I published today.
Finally (if you have access to the key):
ssldump -Aednr /shared/tmp/file.pcap -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:file.key__ > /shared/tmp/file.txt
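
An added example, not part of the post above: decrypting a capture with the server key only works when the session used static RSA key exchange; with (EC)DHE suites or TLS 1.3 the private key cannot recover the session keys. The Python below reads the selected cipher suite from a ServerHello record (for instance, bytes copied out of Wireshark) and reports which case applies. The function names, the suite sets and the sample record builder are constructed for illustration.

```python
import struct

# Static RSA key exchange: the server private key recovers the premaster
# secret, so a capture can be decrypted offline with that key.
RSA_KX = {0x0004, 0x0005, 0x000A, 0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
# Ephemeral (EC)DHE suites: the private key only signs the handshake.
EPHEMERAL_KX = {0x0033, 0x0039, 0x009E, 0x009F, 0xC013, 0xC014, 0xC02F, 0xC030}


def server_hello_suite(record: bytes) -> int:
    """Return the cipher suite chosen in a single TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("record header truncated")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or len(body) < 39 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    pos = 4 + 2 + 32            # handshake header, server version, random
    pos += 1 + body[pos]        # session id length byte plus the session id
    if len(body) < pos + 2:
        raise ValueError("ServerHello truncated before cipher suite")
    return struct.unpack("!H", body[pos:pos + 2])[0]


def key_decryptable(suite: int) -> str:
    """'yes' if the server key alone can decrypt, 'no' if forward secret."""
    if suite in RSA_KX:
        return "yes"
    if suite in EPHEMERAL_KX or 0x1301 <= suite <= 0x1305:  # TLS 1.3 suites
        return "no"
    return "unknown"


def build_sample(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed ServerHello record (zeroed random) used as sample input."""
    body = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    for s in (0x002F, 0xC02F, 0x1301):
        picked = server_hello_suite(build_sample(s, bytes(32)))
        print(f"0x{picked:04X} decryptable with server key: {key_decryptable(picked)}")
```

If the result is "no", decrypting the capture needs the per-session secrets (a key log) rather than the certificate key.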