19-Dec-2022 12:57 - edited 19-Dec-2022 13:00
Hello,
We are following the procedure in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html. Although the .pms file was generated without problems, when we open the capture file in Wireshark we are not able to see the decrypted packets for HTTP.
The command used is below:
tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/<my file.cap> --f5 ssl
The command to generate the keylog file:
tshark -r <my capture>.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog > ./pre_master_log.pms
The pre_master_log.pms file was successfully generated; however, the TLS packets were not converted to HTTP as illustrated in the cited document.
Note that the adjustments to the TLS protocol settings in Wireshark described in the document were made!
Could you please help?
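The tshark command in the question writes one output line per packet, and tshark's -Tfields output joins repeated occurrences of a field with a comma by default, so a .pms file can be non-empty and still contain lines Wireshark will not parse. The sketch below is an added example, not part of the original post or of F5's documentation: it checks each entry against the NSS key log format (assumed to be what the file holds) and splits joined lines; the function names and sample data are constructed for illustration.

```python
import re

# Labels of the NSS key log format read by Wireshark (assumed format of the .pms file).
LABELS = {"CLIENT_RANDOM", "CLIENT_EARLY_TRAFFIC_SECRET",
          "CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
          "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0",
          "EARLY_EXPORTER_SECRET", "EXPORTER_SECRET"}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_entry(entry):
    """Return None for a well-formed key log entry, otherwise the reason it is rejected."""
    parts = entry.split()
    if len(parts) != 3:
        return "expected 3 fields, got %d" % len(parts)
    label, client_random, secret = parts
    if label not in LABELS:
        return "unknown label " + label
    if len(client_random) != 64 or not HEX.fullmatch(client_random):
        return "client random is not 32 hex-encoded bytes"
    if len(secret) % 2 or not HEX.fullmatch(secret):
        return "secret is not hex"
    if label == "CLIENT_RANDOM" and len(secret) != 96:
        return "master secret is not 48 bytes"
    return None

def audit_keylog(text):
    """Split comma-joined lines, validate every entry, return a cleaned file plus findings."""
    clean, problems, joined = [], [], 0
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entries = [e.strip() for e in line.split(",")]
        joined += len(entries) > 1   # tshark -Tfields joins repeated fields with ","
        for entry in entries:
            reason = check_entry(entry)
            if reason:
                problems.append((number, reason))
            else:
                clean.append(entry)
    return {"clean": "\n".join(clean) + "\n", "joined_lines": joined, "problems": problems}

# Constructed sample, not real key material: one good line, one joined line, one truncated secret.
R1, R2 = "ab" * 32, "cd" * 32
SAMPLE = ("CLIENT_RANDOM %s %s\n" % (R1, "11" * 48)
          + "CLIENT_HANDSHAKE_TRAFFIC_SECRET %s %s,SERVER_HANDSHAKE_TRAFFIC_SECRET %s %s\n"
          % (R2, "22" * 32, R2, "33" * 32)
          + "CLIENT_RANDOM %s %s\n" % (R1, "44" * 20))
RESULT = audit_keylog(SAMPLE)   # RESULT["clean"] holds one entry per line
```

Entries reported under "problems" are left out of the cleaned text; a label outside the list is flagged for manual review rather than treated as an error in the capture.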
19-Dec-2022 13:31
Hello @giovannistavale,
Check your version: your F5 appliance must be on version 15.0.0 and later.
Follow this KB for more details: https://support.f5.com/csp/article/K31793632
20-Dec-2022 04:14
Hi Mr. Mohamed! Thank you very much for your attention! I forgot to pass on this information... The version we use is 15.1.5.1 Build 0.0.14, and we also read this article, but unfortunately we haven't been successful following this procedure so far.
20-Dec-2022 06:38
Okay, let me take a pcap in my lab and follow up with you after that.
20-Dec-2022 07:30
Thank you very much Mr Mohamed! Please, if possible, help me to create a lab running on Windows 10 (VM-F5 OVA) to simulate this and other configurations.
Thank you in advance
20-Dec-2022 10:52
Okay @giovannistavale,
I will be happy to do that.
First
> I have Windows 10, VMware Workstation v15.5 Pro, F5 VE v15, Auction server for ASM labs, Colors web servers for LTM "Red, Blue and Green".
I can share the above resources with you if you do not have them.
> After that, I will share some videos with you so you can see each step in detail and keep them as a reference:
1 ) https://www.youtube.com/watch?v=UKzWNW6QG20&ab_channel=Zabqureshi%27sNetworkLessons
2 ) https://www.youtube.com/watch?v=y_AzwQ3Gbbg&ab_channel=Network%26SecurityWithAayush
3 ) https://www.youtube.com/watch?v=WSUoyfsxVhQ&ab_channel=AccessSecurely
Review the above links and let me see the progress.
Let me know if you need anything in this setup; I will follow up with you until your lab is deployed.
It is very important to test everything and learn before applying a new configuration in a real environment.
For --ssl I will test it and give you feedback. I hope it works for me because I don’t like the decryption iRule with pcaps 😁