decrypted tcpdump capture without using an iRule and without using tshark

Last week I attended the Wireshark Foundation’s SharkFest in Warsaw. While there I raised a question with core developer Stig Bjørlykke that’s been bothering me for some time: why go through all the ...

Published Nov 09, 2025

Version 1.0

decrypt with tcpdump --f5 ssl

tls

wireshark

Richard_

Altocumulus

Joined May 16, 2019

View Profile

Juergen_Mang

MVP

Nov 17, 2025

You can also use my script directly on the F5 that injects the secrets back in the tcpdump file. No need to add the PMS file manually.

https://community.f5.com/kb/codeshare/decrypting-tls-with-the-tcpdump-sslprovider/298680

Richard_
Altocumulus
Nov 18, 2025
Hi Juergen,
Thank you for your reaction. Nice solution too.
Still, I prefer my solution, which I find easier to work with:
- excute tcpdump
- open pcap in Wireshark
- run lau script from the menu bar
- done.
All other actions as described above are one time setup actions.
But, as with all software, it's also personal preference.

decrypted tcpdump capture without using an iRule and without using tshark

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS