Forum Discussion

Roland_177200's avatar
Roland_177200
Icon for Nimbostratus rankNimbostratus
Jan 19, 2015

F5 plugin v1.9 and SSL decryption in Wireshark 1.12.x

Hello,

 

I noticed that if I use the latest F5 plugin with Wireshark 1.12.x the decrypted packets are not being displayed. It works fine with 1.10.x or 1.11.x.

 

The SSL debug from Wireshark shows that the packet is being decrypted in all versions I tested. The problem with 1.12.x is that you will still see the TLS packet instead of for example the HTTP GET request.

 

I followed sol10209 to generate the pms file.

 

I tested with Wireshark Portable and an installed version of Wireshark 32-bit.

 

I compiled my own plugin and also tested the plugin from here https://devcentral.f5.com/d/wireshark-plugin?download=true

 

OS: Windows 7 Enterprise 64-bit.

 

Has anyone else experienced the same behaviour?

 

*.x means I tested all subversions

 

Thank you.

 

Roland

 

plugin
ssl
wireshark

4 Replies

Sort By
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Jan 23, 2015

    I would suggest running wireshark natively 64bit on your 64bit OS. I've had no issues running the latest 64bit wireshark(1.12.3) on Windows 8.1 with the latest 64bit dll.

     

    • Roland_177200's avatar
      Roland_177200
      Icon for Nimbostratus rankNimbostratus
      Jan 23, 2015
      It works with the 64bit, but I am avoiding it because it has more bugs than the 32bit version. For the moment I will use the F5 plugin with Wireshark Portable 1.10.2. Thank you for the answer.
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Jan 23, 2015

    I would suggest running wireshark natively 64bit on your 64bit OS. I've had no issues running the latest 64bit wireshark(1.12.3) on Windows 8.1 with the latest 64bit dll.

     

    • Roland_177200's avatar
      Roland_177200
      Icon for Nimbostratus rankNimbostratus
      Jan 23, 2015
      It works with the 64bit, but I am avoiding it because it has more bugs than the 32bit version. For the moment I will use the F5 plugin with Wireshark Portable 1.10.2. Thank you for the answer.