Problems to decrypt with tcpdump --f5 ssl procedure

giovannistavale
Nimbostratus

Hello,
We are following the procedure in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html. Despite having generated the .pms file without problems, when we open the capture file in Wireshark we do not see the decrypted packets for HTTP.

The command used is below:
tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/<my file.cap> --f5 ssl

The command to generate the keylog file:

tshark -r <my capture>.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog > ./pre_master_log.pms

The pre_master_log.pms file was successfully generated; however, the TLS packets were not converted to HTTP as illustrated in the cited document.
Note that the adjustments described in the document regarding the TLS protocol in Wireshark were made!

Could you please help?
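
A check that can be run on the generated pre_master_log.pms before it is loaded into Wireshark (an added example, not part of the original post or of F5's procedure): it validates every entry against the NSS key log format and splits lines on which tshark's `-Tfields` output has joined several field values with its default comma aggregator. The function names and the sample data are constructed for illustration.

```python
import re
from collections import Counter

TLS13 = ("CLIENT_EARLY_TRAFFIC_SECRET", "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
         "SERVER_HANDSHAKE_TRAFFIC_SECRET", "CLIENT_TRAFFIC_SECRET_0",
         "SERVER_TRAFFIC_SECRET_0", "EXPORTER_SECRET")
# Allowed hex lengths of the secret (third) field, per key log label.
SECRET_LENS = {"CLIENT_RANDOM": {96}, "RSA": {96}, **{l: {64, 96} for l in TLS13}}
HEX = re.compile(r"[0-9a-fA-F]+")

def check_entry(entry):
    """Return None for a well-formed key log entry, else a short reason."""
    parts = entry.split(" ")
    if len(parts) != 3:
        return "expected 3 space-separated fields"
    label, ident, secret = parts
    if label not in SECRET_LENS:
        return "unknown label"
    # RSA lines carry 8 bytes of the encrypted pre-master; others a 32-byte client random.
    if len(ident) != (16 if label == "RSA" else 64) or not HEX.fullmatch(ident):
        return "bad identifier field"
    if len(secret) not in SECRET_LENS[label] or not HEX.fullmatch(secret):
        return "bad secret field"
    return None

def audit_keylog(text):
    """Return (clean_lines, counts, problems) for the text of a .pms file."""
    clean, counts, problems = [], Counter(), []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        entries = [e.strip() for e in line.split(",")]
        if len(entries) > 1:
            counts["aggregated_lines"] += 1  # several field values on one line
        for entry in entries:
            reason = check_entry(entry)
            if reason:
                problems.append((lineno, reason))
            else:
                clean.append(entry)
                counts[entry.split(" ")[0]] += 1
    return clean, counts, problems

# Constructed sample: fake randoms and secrets, not taken from any capture.
SAMPLE = "\n".join([
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_RANDOM " + "22" * 32 + " " + "bb" * 48 + ",CLIENT_RANDOM " + "33" * 32 + " " + "cc" * 48,
    "CLIENT_RANDOM " + "44" * 32 + " " + "dd" * 20,  # truncated secret
])
```

Writing `"\n".join(clean)` back to a file gives a key log with one entry per line; a non-zero `aggregated_lines` count or a non-empty `problems` list means the file tshark produced was not in that form.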

5 REPLIES

Hello @giovannistavale,
Check your version: your F5 appliance must be on version 15.0.0 or later.

Follow this KB for more details: https://support.f5.com/csp/article/K31793632

_______________________
Regards
Mohamed Kansoh

Hi Mr. Mohamed! Thank you very much for your attention! I forgot to pass on this information... The version we use is 15.1.5.1 Build 0.0.14, and we also read this article, but unfortunately we haven't been successful following this procedure so far.

Okay, let me take a pcap in my lab and follow up with you after that.

_______________________
Regards
Mohamed Kansoh

Thank you very much Mr Mohamed! Please, if possible, help me to create a lab running on Windows 10 (VM-F5 OVA) to simulate this and other configurations.

Thank you in advance

Okay @giovannistavale,
I will be happy to do that.
First:
> I have Windows 10, VMware Workstation v15.5 Pro, F5 VE v15, an Auction server for ASM labs, and Colors web servers for LTM ("Red, Blue and Green").
I can share the above resources with you if you do not have them.

> After that, I will share with you some videos to see each step in detail and to keep as a reference:

1 ) https://www.youtube.com/watch?v=UKzWNW6QG20&ab_channel=Zabqureshi%27sNetworkLessons

2 ) https://www.youtube.com/watch?v=y_AzwQ3Gbbg&ab_channel=Network%26SecurityWithAayush

3 ) https://www.youtube.com/watch?v=WSUoyfsxVhQ&ab_channel=AccessSecurely

Review the above links and let me see the progress.
Let me know if you need anything in this setup; I will follow up with you until your lab is deployed.
It is very important to test everything and learn before applying a new configuration in a real environment.

For --ssl, I will test it and give you feedback. I hope it works for me, because I don't like the decryption iRule with pcaps 😁

_______________________
Regards
Mohamed Kansoh