NimbostratusI am trying to debug some SSL handshake errors and it seems ssldump is different enough on the LTMs to make me a bit nuts. After a few seconds it dies with: ERROR: Length mismatch. The entire interwebs say this is because it needs a '-s 0' command line switch which the F5 version of ssldump doesn't have. Any ideas how to capture more than a few seconds of traffic?
CirrostratusCheck out this article from AskF5: https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
NimbostratusThat is what I was afraid would be the solution as I was trying to avoid the tcpdump then feed into ssldump method. Ah well, seems that is the only option. Thanks!
AltocumulusHi Bubbagump 12531,
I'm probably about 4 years late to this party but if you're just tshooting an SSL negotiation issue then running #ssldump -i vlan_100_internal host 10.0.100.41 would give you a continuous feed of SSL negotiation activity to the console for analysis
If wanting to examine within Wireshark then the -s0 flag would be required to allow the ssldump to be ran against the packet capture as it requires the whole packet to be available