For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Automating Packet Captures on BIG-IP

How many times have you had to log in to BIG-IP, copy/paste the tcpdump commands in, look at the file name, scp the file down or away, then rinse/repeat with other key files or re-capture something...
Published Apr 25, 2022
Version 1.0
devops
iRules
tcpdump
tls
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
Juergen_Mang's avatar
Juergen_Mang
Icon for MVP rankMVP
May 20, 2022

I have already scripted a utility here to automatically extract the pre master secrets from a tcpdump with enabled f5 sslprovider. The pre master secret file can then be used with whireshark to do the decrpytion. Decryption works with all ssl versions including tls 1.3 any any number of tcp streams.

If there is any interesst, I can share it with the community.