Forum Discussion

Hamza's avatar
Hamza
Icon for Cirrus rankCirrus
Apr 10, 2023

Tcpdump with f5-- ssl flag

hello,

i am not able to cupture trafic with tcpdump --f5 ssl :

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tmsh modify sys db tcpdump.sslprovider value enable

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tmsh modify sys db log.ssl.level value Debug

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #

[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tcpdump -s0 -ni 0.0:nnnp -w /var/tmp/"$HOSTNAME"_working_"$(date +%d-%m-%y)".pcap --f5 ssl -vv host 105.65.6.7

tcpdump: WARNING:  The "ssl" option is disabled. The "ssl" option cannot be used in Common Criteria mode. Common Criteria mode is controlled by the DB variable security.commoncriteria.

 

have you any idea please?

  • Hi Hamza,

    If "sys db security.commoncriteria" value is true, you will get this warning.

    tmsh list sys db security.commoncriteria

    You need to change the value to false. The change will require reboot.