Problems to decrypt with tcpdump --f5 ssl procedure

Question

Hellowe are following the procedure contained in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html, which despite havinggenerated the .pms file without problems, when opening the capture file using wireshark, it does not participate in seeing the decrypted packets for HTTP.The command used is below:tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/&lt;my file.cap&gt; --f5 sslthe command to generate the Keylog file:tshark -r &lt;my capture&gt;.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog &gt; ./pre_master_log.pmsthe pre_master_log.pms file was successfully generated, however, the TLS packets were not converted to HTTP as illustrated in the cited document.Remembering that the adjustments informed in the document regarding the TLS protocol in Wireshark were made!Please could we help?

mohamed_ahmed_kansoh · Answer

Okay&nbsp;giovannistavale&nbsp;,&nbsp;I will be happy to do that.&nbsp;First&nbsp;&gt; I have Windows 10 , VMware Workstation v15.5 pro , F5 VE v15 , Auction server for ASM Labs , Colors web servers for LTM " Red , blue and Green ".&nbsp;I can share with you the above resources if you do not have it.&nbsp;&gt; After That , I will share with you some Videos to see each step in details and save it as Reference with you :&nbsp;1 )&nbsp;https://www.youtube.com/watch?v=UKzWNW6QG20&amp;ab_channel=Zabqureshi%27sNetworkLessons2 )&nbsp;https://www.youtube.com/watch?v=y_AzwQ3Gbbg&amp;ab_channel=Network%26SecurityWithAayush3 )&nbsp;https://www.youtube.com/watch?v=WSUoyfsxVhQ&amp;ab_channel=AccessSecurelyReview above links and let me see the progress&nbsp;Let me know if you need anything in this setup , I will Follow up with you till deploying your Lab.&nbsp;it is Very important to test everything and learn before applying new configuration in real environment.&nbsp;For --ssl I will Test it and give you the Feedback , I hope it works with me because I don’t like Decryption iRule with Pcaps 😁

mohamed_ahmed_kansoh · Answer

Hello&nbsp;giovannistavale&nbsp;,&nbsp;Make sure with your Virsion , your F5 appliance must be on Virsion 15.0.0 and later.&nbsp;follow this KB :&nbsp;https://support.f5.com/csp/article/K31793632&nbsp;For more details.&nbsp;&nbsp;

giovannistavale · Answer

Hi Mr. Mohamed! Thank you very much for your attention! I forgot to pass this information... The version we use is 15.1.5.1 Build 0.0.14 and we also read this article but unfornutately we haven't been successful following this procedure so far.

mohamed_ahmed_kansoh · Answer

Okay , Let me take a Pcap in my lab and follow with you After that.&nbsp;

giovannistavale · Answer

Thank you very much Mr Mohamed! Please, if possible, help me to create a lab running on Windows 10 (VM-F5 OVA) to simulate this and other configurations.Thank you in advance

Forum Discussion

Problems to decrypt with tcpdump --f5 ssl procedure

5 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

F5 Distributed Cloud - Regional Decryption with Virtual Sites

Decrypting TLS traffic on BIG-IP