Troubleshoot with tcpdump and Wireshark

This class covers the following topics:

• tcpdump switches and filters
• F5 specific tcpdump commands
• F5 Wireshark Plugin
• Using the F5 Wireshark Plugin
• SSL decrypt packet capture

We will be using a Windows 2019 jumpbox to connect to the lab environment. Click on the lab link given out during class and select the RDP option to connect to the lab box.

The credentials will be the following:

user: user password: user

Switches

• tcpdump Switches
• tcpdump Filters
• F5 Specific tcpdump Switches
• Configure the F5 Wireshark Plugin
  • Wireshark version 3.2.1 is installed on the jumpbox.
  • If you have a version before 3.0 of wireshark you will need to download and install the F5 Wireshark plugin.
• Taking a Capture from the F5
• Configuring/Using Wireshark F5 Plugin
• Follow F5 Conversation
• F5 Low Details
• F5 Medium Details
• F5 High Details
• High Details and Other Field Dissectors
• Decrypt with tcpdump --f5 ssl
  • Automate Pre Master Secret File Creation
• Decrypting SSL in Wireshark
• Appendix
  • Decrypt SSL with iRule
  • Decrypt traffic using Client