Tcpdump with f5-- ssl flag

Question

hello,i am not able to cupture trafic with tcpdump --f5 ssl :[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tmsh modify sys db tcpdump.sslprovider value enable[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tmsh modify sys db log.ssl.level value Debug[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config #[root@BIGIP1:Peer Time Out of Sync:Changes Pending] config # tcpdump -s0 -ni 0.0:nnnp -w /var/tmp/"$HOSTNAME"_working_"$(date +%d-%m-%y)".pcap --f5 ssl -vv host 105.65.6.7tcpdump: WARNING:&nbsp; The "ssl" option is disabled. The "ssl" option cannot be used in Common Criteria mode. Common Criteria mode is controlled by the DB variable security.commoncriteria.&nbsp;have you any idea please?

enes_afsin_al · Answer

Hi Hamza,
If "sys db security.commoncriteria" value is true, you will get this warning.
tmsh list sys db security.commoncriteria
You need to change the value to false. The change will require reboot.

Forum Discussion

Tcpdump with f5-- ssl flag

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Unblock Request WAF

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Related Content

decrypted tcpdump capture without using an iRule and without using tshark

8. SYN Cookie: Troubleshooting tcpdump

Packet Analysis with Scapy and tcpdump: Checking Compatibility with F5 SSL Orchestrator

Decrypting TLS with the tcpdump sslprovider

F5 HTTPS Redirect 2025

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS