For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

InquisitiveMai's avatar
InquisitiveMai
Icon for Cirrostratus rankCirrostratus
Feb 20, 2025

With Passthrough VIP how does SSL handshake work

Trying to understand when the backend member takes care of certificate, how does SSL handshake work as client connects to the VIP ip   I took a packet capture and see sessions for client and server...
application delivery
InquisitiveMai's avatar
InquisitiveMai
Icon for Cirrostratus rankCirrostratus
Feb 21, 2025

PauliusThank you for your response. The above filter only captures the client machine traffic. Do I need to put any other setting on wireshark.

I did take another capture on the F5 with the VIP address and pool member port (tcpdump -vvv -nni 0.0:nnnp -so host <VIP IP Address> or Port <Pool member port> -v -w /shared/tmp/file.pcap and Do not see the same port being used for connection from F5 to backend member. For this second capture, I did conversation filter with F5 TCP and see client Hellos and Server Hellos with seperate Port numbers from Client:random port <--->VIP:443 and  F5 SelfIP:<random port different> <---> Poolmember:44376

 

 

nitass's avatar
nitass
Icon for Employee rankEmployee
Feb 22, 2025

The above filter only captures the client machine traffic. Do I need to put any other setting on wireshark.

Try not to use p modifier

e.g.

tcpdump -nni 0.0:nnn -s0 -w /var/tmp/<output file> '(host <virtual ip> or host <pool member ip>) and port 443' -v