Forum Discussion
Feb 27, 2020
I checked the content length/type for both environments and they are the same. I will run a capture tonight. Is there a recommended syntax to add to the tcpdump command to get the most insight into the traffic?
- NAG, Feb 27, 2020, Cirrostratus
1) You have to use an iRule to collect SSL session secrets to be used in Wireshark to decrypt the SSL traffic in captures.
Decrypting SSL traffic using the SSL::sessionsecret iRules command
https://support.f5.com/csp/article/K12783074
2) Command for captures::

    tcpdump -vvni 0.0:nnnp -s0 host <Client_IP> -w /var/tmp/file_name.pcap
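
The log-extraction step that follows the iRule in item 1, as an added example that is not part of the original post or F5's own code. It assumes the iRule logs each handshake as `RSA Session-ID:<hex> Master-Key:<hex>` (a key log line format Wireshark accepts); the sample log lines, host name and rule name are constructed.

```python
import re

# Assumed line format (not shown in the post): the iRule logs
# "RSA Session-ID:<hex> Master-Key:<hex>" inside each syslog line.
LINE_RE = re.compile(r"RSA Session-ID:([0-9A-Fa-f]*) Master-Key:([0-9A-Fa-f]*)")

# Constructed sample log; host name, rule name and hex values are made up.
_PFX = "Feb 27 21:00:0{n} bigip1 info tmm[1234]: Rule /Common/log_secrets: "
_ROWS = [
    ("ab" * 32, "cd" * 48),   # valid
    ("ab" * 32, "cd" * 48),   # same session logged twice
    ("12" * 32, "ef" * 45),   # master key cut short
    ("",        "34" * 48),   # empty session ID
    ("56" * 16, "78" * 48),   # valid, shorter session ID
]
SAMPLE_LOG = "\n".join(
    [_PFX.format(n=i) + f"RSA Session-ID:{s} Master-Key:{k}"
     for i, (s, k) in enumerate(_ROWS)]
    + ["Feb 27 21:00:09 bigip1 notice mcpd[5678]: unrelated message"]
)

def extract_keylog(log_text):
    """Return (keylog_lines, rejected) where rejected is [(line, reason)]."""
    seen, keylog, rejected = set(), [], []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a session-secret line
        sid, key = m.group(1), m.group(2)
        # A TLS session ID is 1..32 bytes; the master secret is 48 bytes.
        if not (2 <= len(sid) <= 64 and len(sid) % 2 == 0):
            rejected.append((line, "bad session id"))
        elif len(key) != 96:
            rejected.append((line, "master key is not 48 bytes"))
        elif (sid.lower(), key.lower()) not in seen:
            seen.add((sid.lower(), key.lower()))
            keylog.append(f"RSA Session-ID:{sid} Master-Key:{key}")
    return keylog, rejected

if __name__ == "__main__":
    lines, bad = extract_keylog(SAMPLE_LOG)
    print("\n".join(lines))
    for _, reason in bad:
        print("skipped:", reason)
```

The resulting lines go into the file named in Wireshark's TLS "(Pre)-Master-Secret log filename" preference. Because the log and that file then hold session secrets, restrict access to both and remove the logging iRule once the capture is done.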