Forum Discussion
DennisJann
Jan 31, 2019Nimbostratus
You can capture the SSL session keys with an iRule while running tcpdump on the BIG-IP, and then use the Master Secret log file to view the decrypted tcpdump data in Wireshark.
K16700: Decrypting SSL traffic using the SSL::sessionsecret iRules command
The instructions in the KB article do work for decrypting PFS sessions.
If your HTTPS VIP is running on a non-standard port, you would need to go into Wireshark preferences and add the non-standard HTTPS port in Protocols > HTTP > SSL/TLS Ports.