decrypt with tcpdump --f5 ssl
1 TopicProblems to decrypt with tcpdump --f5 ssl procedure
Hello we are following the procedure contained in the document https://clouddocs.f5.com/training/community/adc/html/class4/module1/lab10.html, which despite having generated the .pms file without problems, when opening the capture file using wireshark, it does not participate in seeing the decrypted packets for HTTP. The command used is below: tcpdump -i 0.0 src net X.X.X.X/22 or src net Y.Y.Y.0/20 and dst host Y.Y.Y.Y -vv -w /var/tmp/<my file.cap> --f5 ssl the command to generate the Keylog file: tshark -r <my capture>.cap -Y f5ethtrailer.tls.keylog -Tfields -e f5ethtrailer.tls.keylog > ./pre_master_log.pms the pre_master_log.pms file was successfully generated, however, the TLS packets were not converted to HTTP as illustrated in the cited document. Remembering that the adjustments informed in the document regarding the TLS protocol in Wireshark were made! Please could we help?984Views0likes5Comments