tcpdump on LTM
I am trying to capture traffic of communications between clients and servers. I currently have the syntax of my tcpdump commands worked out to what I want. But when I try to save it to a file type and export it off the LTM and try to open it in Wireshark for analysis, I get the following error: "The file "test.pcap" isnt a capture file in a format Wireshark understands." I receive this error from other file types as well. Is there a standard file type I should use? After I finish posting this I am going to try this with .bin instead of .pcap or its variants.
SSLDump PMS File Issues.
I am working with the SSLDump utility and I am running into issues generating the PMS file to decrypt the traffic. I have a feeling it has nothing to do with my pcap (yet). When I run the following command I get the following errors:
ssldump -r ~/ssldump.pcap -k -M ~/client1.pms
"Problem loading private key"
"ERROR: Couldn't create network handler"
Are the SSL keys in fact stored in this directory? This is what I have been trying to use at least: /config/filestore/files_d/Common_d/certificate_key_d/
Full path TCPDump
I have been doing some studying on tcpdump and traffic analytics on the F5. I was wondering if there was a way to capture the entire path of the traffic all the way to the server. So I know I can do "Client to F5" and "Server to F5", but is there a way to do "Client to F5 to Server"? Would the VIP I want to dump have to be a performance L4 in order for this to work?