we are following the procedure contained in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html, which despite having
generated the .pms file without problems, when opening the capture file using wireshark, it does not participate in seeing the decrypted packets for HTTP.
The command used is below:
tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/<my file.cap> --f5 ssl
the command to generate the Keylog file:
tshark -r <my capture>.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog > ./pre_master_log.pms
the pre_master_log.pms file was successfully generated, however, the TLS packets were not converted to HTTP as illustrated in the cited document.
Remembering that the adjustments informed in the document regarding the TLS protocol in Wireshark were made!
Please could we help?
Hi Mr. Mohamed! Thank you very much for your attention! I forgot to pass this information... The version we use is 18.104.22.168 Build 0.0.14 and we also read this article but unfornutately we haven't been successful following this procedure so far.
Okay @giovannistavale ,
I will be happy to do that.
> I have Windows 10 , VMware Workstation v15.5 pro , F5 VE v15 , Auction server for ASM Labs , Colors web servers for LTM " Red , blue and Green ".
I can share with you the above resources if you do not have it.
> After That , I will share with you some Videos to see each step in details and save it as Reference with you :
1 ) https://www.youtube.com/watch?v=UKzWNW6QG20&ab_channel=Zabqureshi%27sNetworkLessons
3 ) https://www.youtube.com/watch?v=WSUoyfsxVhQ&ab_channel=AccessSecurely
Review above links and let me see the progress
Let me know if you need anything in this setup , I will Follow up with you till deploying your Lab.
it is Very important to test everything and learn before applying new configuration in real environment.
For --ssl I will Test it and give you the Feedback , I hope it works with me because I don’t like Decryption iRule with Pcaps 😁