F5 DUMP
Ansible and F5
~~~~~still to edit~~~~~~~ download ansible-tower setup wget "http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz" Setup - http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html http://docs.ansible.com/ansible-tower/3.0.3/html/quickstart/index.html tar xvf ansible-tower-setup-latest.tar.gz cd ansible-tower-setup-3.2.4/ sudo nano inventory -enter passwords in any password field sudo ./setup.sh sudo apt install python3-pip sudo apt install python-pip sudo pip install f5-sdk bigsuds netaddr deepdiffnetaddr deepdiff login in and request license and add- *video* basic setup referance https://www.youtube.com/watch?v=eu_95ItWmyE https://devcentral.f5.com/articles/dig-deeper-into-ansible-and-f5-integration-25984 ref: https://github.com/payalsin/f5-ansible/tree/master/playbooks https://devcentral.f5.com/articles/dig-deeper-into-ansible-and-f5-integration-25984 http://jsonviewer.stack.hu/ https://jsonformatter.org/yaml-validator http://warfares.github.io/pretty-json/ https://github.com/F5Networks/f5-ansible/tree/devel/library/modules https://www.youtube.com/watch?v=TsUIRtT80QU http://appsvcs-integration-iapp.readthedocs.io/en/develop/userguide/module1/module1.html |
F5 SNMP
On Ubuntu install snmpwalk using apt-get install snmp On Ubuntu install snmpwalk using snmpwalk -v2c -c public 192.168.2.21 snmpwalk -v2c -c SNMP_Community1 192.168.2.1 1.3.6.1.4.1.21067.2.1.2.4.2 https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-3-0/8.html |
F5 connection table
#delete connection tmsh delete /sys connection cs-client-addr 172.10.50.20 #show connections show sys connection cs-client-addr 192.168.100.22 #Other options Options: all-properties exa kil peta save-to-file yotta | default gig meg raw tera zetta Properties: age cs-client-addr cs-server-addr protocol ss-client-port ss-server-port { connection-id cs-client-port cs-server-port ss-client-addr ss-server-addr type show sys connection all-properties #Examples show sys connection Really display all connections? (y/n) y Sys::Connections 10.102.0.1:58776 10.102.0.26:8 10.102.0.1:58776 10.102.0.26:8 icmp 4 (tmm: 0) none 192.168.51.11:56627 192.168.51.15:4353 192.168.51.11:56627 192.168.51.15:4353 tcp 2 (tmm: 0) none 10.102.0.1:58775 10.102.0.26:8 10.102.0.1:58775 10.102.0.26:8 icmp 9 (tmm: 1) none Total records returned: 3 donald@(ltm-t1-1-dc2)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys connection all-properties Really display all connections? (y/n) y Sys::Connections 10.102.0.1:58784 - 10.102.0.26:8 - 10.102.0.1:58784 - 10.102.0.26:8 ------------------------------------------------------------------- TMM 0 Type self Acceleration none Protocol icmp Idle Time 5 Idle Timeout 10 Unit ID 0 Lasthop /Common/vl2102 00:50:56:ab:fc:78 Virtual Path 10.102.0.26:8 Conn Id 0 ClientSide ServerSide Client Addr 10.102.0.1:58784 10.102.0.1:58784 Server Addr 10.102.0.26:8 10.102.0.26:8 Bits In 320 320 Bits Out 320 320 Packets In 1 1 Packets Out 1 1 192.168.51.11:56627 - 192.168.51.15:4353 - 192.168.51.11:56627 - 192.168.51.15:4353 ----------------------------------------------------------------------------------- TMM 0 Type self Acceleration none Protocol tcp Idle Time 2 Idle Timeout 300 Unit ID 0 Lasthop /Common/vl51 00:50:56:ab:8e:45 Virtual Path 192.168.51.15:4353 Conn Id 0 ClientSide ServerSide Client Addr 192.168.51.11:56627 192.168.51.11:56627 Server Addr 192.168.51.15:4353 192.168.51.15:4353 Bits In 97.8M 104.7M Bits Out 104.7M 97.8M Packets In 140.7K 140.6K Packets Out 140.6K 140.7K 10.102.0.1:58783 - 10.102.0.26:8 - 10.102.0.1:58783 - 10.102.0.26:8 ------------------------------------------------------------------- TMM 1 Type self Acceleration none Protocol icmp Idle Time 10 Idle Timeout 10 Unit ID 0 Lasthop /Common/vl2102 00:50:56:ab:fc:78 Virtual Path 10.102.0.26:8 Conn Id 0 ClientSide ServerSide Client Addr 10.102.0.1:58783 10.102.0.1:58783 Server Addr 10.102.0.26:8 10.102.0.26:8 Bits In 320 320 Bits Out 320 320 Packets In 1 1 Packets Out 1 1 Total records returned: 3 |
F5 TCPdump examples
Wireshark tips -Add delta time column SSLdump nuggets -Version 3.0 = SSLv3, -Version 3.1 = TLS 1.0 -Version 3.2 = TLS 1.1 -Version 3.3 = TLS 1.2 TCPdump This first dump show the external and internal conversation between the PC<-80->F5(snat)<-80->WebServer External donald@R2-D3:~/TCPdump_F5_301b/test80_80$ tcpdump -r 2018-02-28_19\:18\:29_external.bin reading from file 2018-02-28_19:18:29_external.bin, link-type EN10MB (Ethernet) 19:18:29.068432 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 248: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3531 202d 6320 3130 3020 2d6e 6e6e 202d 51.-c.100.-nnn.- 0x0030: 7330 202d 7676 7620 2d77 202f 7661 722f s0.-vvv.-w./var/ 0x0040: 746d 702f 3230 3138 2d30 322d 3238 5f31 tmp/2018-02-28_1 0x0050: 393a 3138 3a32 395f 6578 7465 726e 616c 9:18:29_external 0x0060: 2e62 696e 2068 6f73 7420 3139 322e 3136 .bin.host.192.16 0x0070: 382e 3130 302e 3232 2061 6e64 2031 302e 8.100.22.and.10. 0x0080: 3231 322e 302e 3236 0056 4552 3a20 3132 212.0.26.VER:.12 0x0090: 2e31 2e33 2e31 2030 2e30 2e39 0048 4f53 .1.3.1.0.0.9.HOS 0x00a0: 543a 206c 746d 2d74 312d 312d 6463 322e T:.ltm-t1-1-dc2. 0x00b0: 6d67 6d74 2e66 756c 6c70 726f 7879 2d6c mgmt.fullproxy-l 0x00c0: 6162 732e 636f 2e75 6b00 504c 4154 3a20 abs.co.uk.PLAT:. 0x00d0: 5a31 3030 0050 524f 443a 2042 4947 2d49 Z100.PROD:.BIG-I 0x00e0: 5000 5345 5353 3a20 3000 P.SESS:.0. 19:18:54.400032 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [S], seq 1099534812, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 19:18:54.400099 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [S.], seq 2915381692, ack 1099534813, win 4050, options [mss 1460,sackOK,eol], length 0 19:18:54.441192 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [.], ack 1, win 64240, length 0 19:18:54.441798 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [P.], seq 1:393, ack 1, win 64240, length 392: HTTP: GET / HTTP/1.1 19:18:54.441856 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [.], ack 393, win 4442, length 0 19:18:54.445450 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [P.], seq 1:619, ack 393, win 4442, length 618: HTTP: HTTP/1.0 200 OK 19:18:54.445460 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [F.], seq 619, ack 393, win 4442, length 0 19:18:54.491530 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [F.], seq 393, ack 619, win 63622, length 0 19:18:54.491543 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [.], ack 394, win 4442, length 0 19:18:54.491635 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [.], ack 620, win 63622, length 0 19:18:54.507629 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [S], seq 3928284592, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 19:18:54.507687 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [S.], seq 2719480176, ack 3928284593, win 4050, options [mss 1460,sackOK,eol], length 0 19:18:54.549505 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 1, win 64240, length 0 19:18:54.549956 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [P.], seq 1:360, ack 1, win 64240, length 359: HTTP: GET /FullProxy.png HTTP/1.1 19:18:54.550011 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [.], ack 360, win 4409, length 0 19:18:54.553961 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 1:1542, ack 360, win 4409, length 1541: HTTP: HTTP/1.0 200 OK 19:18:54.557058 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 1542:2892, ack 360, win 4409, length 1350: HTTP 19:18:54.559208 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 2892:4242, ack 360, win 4409, length 1350: HTTP 19:18:54.561271 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 4242:4382, ack 360, win 4409, length 140: HTTP 19:18:54.597726 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 1542, win 64800, length 0 19:18:54.604999 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 4382, win 64800, length 0 19:18:54.607053 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 4382:6942, ack 360, win 4409, length 2560: HTTP 19:18:54.607058 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 6942:12342, ack 360, win 4409, length 5400: HTTP 19:18:54.653738 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 6942, win 64800, length 0 19:18:54.653746 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 12342:17742, ack 360, win 4409, length 5400: HTTP 19:18:54.658839 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 9642, win 64800, length 0 19:18:54.658845 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 17742:21792, ack 360, win 4409, length 4050: HTTP 19:18:54.663671 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 12342, win 64800, length 0 19:18:54.663676 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 21792:27192, ack 360, win 4409, length 5400: HTTP 19:18:54.700822 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 15042, win 64800, length 0 19:18:54.700829 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 27192:33022, ack 360, win 4409, length 5830: HTTP 19:18:54.700837 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [F.], seq 33022, ack 360, win 4409, length 0 19:18:54.705380 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 17742, win 64800, length 0 19:18:54.710824 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 20442, win 64800, length 0 19:18:54.719002 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 23142, win 64800, length 0 19:18:54.721754 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 25842, win 64800, length 0 19:18:54.745892 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 28542, win 64800, length 0 19:18:54.750427 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 31242, win 64800, length 0 19:18:54.753871 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 33023, win 64800, length 0 19:18:54.753913 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [F.], seq 360, ack 33023, win 64800, length 0 19:18:54.753919 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [.], ack 361, win 4409, length 0 Internal [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -i vl2102 host 10.102.0.10 and 10.102.0.26 -nnn -s0 -vvv tcpdump: listening on vl2102, link-type EN10MB (Ethernet), capture size 65535 bytes ^[[15~17:53:41.526913 IP (tos 0x0, ttl 255, id 48655, offset 0, flags [DF], proto TCP (6), length 48) 10.102.0.10.54871 > 10.102.0.26.80: Flags [S], cksum 0x1512 (incorrect -> 0xffa8), seq 1889474781, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.528978 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.102.0.10 tell 10.102.0.26, length 53 in slot1/tmm0 lis= 17:53:41.528998 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.102.0.10 is-at 00:50:56:ab:fc:78, length 53 out slot1/tmm0 lis= 17:53:41.529791 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48) 10.102.0.26.80 > 10.102.0.10.54871: Flags [S.], cksum 0x2992 (correct), seq 3730044152, ack 1889474782, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.529801 IP (tos 0x0, ttl 255, id 48659, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x57a0), seq 1, ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.529808 IP (tos 0x0, ttl 255, id 48661, offset 0, flags [DF], proto TCP (6), length 475) 10.102.0.10.54871 > 10.102.0.26.80: Flags [P.], cksum 0x16bd (incorrect -> 0x78b4), seq 1:436, ack 1, win 4050, length 435: HTTP, length: 435 GET / HTTP/1.1 Host: 10.212.0.26 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8 Accept-Encoding: gzip, deflate Accept-Language: en-GB,en-US;q=0.9,en;q=0.8 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.530918 IP (tos 0x0, ttl 64, id 55721, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.26.80 > 10.102.0.10.54871: Flags [.], cksum 0x50cf (correct), seq 1, ack 436, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.531218 IP (tos 0x0, ttl 64, id 55722, offset 0, flags [DF], proto TCP (6), length 229) 10.102.0.26.80 > 10.102.0.10.54871: Flags [P.], cksum 0x6fc4 (correct), seq 1:190, ack 436, win 5360, length 189: HTTP, length: 189 HTTP/1.0 200 OK Content-type: text/html Date: Thu, 01 Mar 2018 18:44:43 GMT Connection: close Accept-Ranges: bytes Last-Modified: Wed, 21 Feb 2018 15:20:13 GMT Content-length: 429 in slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.531220 IP (tos 0x0, ttl 64, id 55723, offset 0, flags [DF], proto TCP (6), length 469) 10.102.0.26.80 > 10.102.0.10.54871: Flags [FP.], cksum 0x3ba4 (correct), seq 190:619, ack 436, win 5360, length 429: HTTP in slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.531231 IP (tos 0x0, ttl 255, id 48666, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x5473), seq 436, ack 190, win 4239, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.531238 IP (tos 0x0, ttl 255, id 48669, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x5118), seq 436, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.623604 IP (tos 0x0, ttl 255, id 48673, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.10.54871 > 10.102.0.26.80: Flags [F.], cksum 0x150a (incorrect -> 0x5117), seq 436, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 17:53:41.624147 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40) 10.102.0.26.80 > 10.102.0.10.54871: Flags [.], cksum 0x4e63 (correct), seq 620, ack 437, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector ^C 13 packets captured 13 packets received by filter 0 packets dropped by kernel Client tries to connect to port 80 when the VS is set to port 443 - this produces a repeated SYN [S] from the client and a RESET ACK [R.] from the F5 - See below [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_80_should_be_4432018-02-28_20\:57\:28.bin reading from file /var/tmp/external_80_should_be_4432018-02-28_20:57:28.bin, link-type EN10MB (Ethernet) 20:57:28.112772 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 244: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3531 202d 7676 7620 2d6e 6e6e 202d 7330 51.-vvv.-nnn.-s0 0x0030: 202d 7020 2d77 202f 7661 722f 746d 702f .-p.-w./var/tmp/ 0x0040: 6578 7465 726e 616c 5f38 305f 7368 6f75 external_80_shou 0x0050: 6c64 5f62 655f 3434 3332 3031 382d 3032 ld_be_4432018-02 0x0060: 2d32 385f 3230 3a35 373a 3238 2e62 696e -28_20:57:28.bin 0x0070: 2068 6f73 7420 3139 322e 3136 382e 3130 .host.192.168.10 0x0080: 302e 3232 0056 4552 3a20 3132 2e31 2e33 0.22.VER:.12.1.3 0x0090: 2e31 2030 2e30 2e39 0048 4f53 543a 206c .1.0.0.9.HOST:.l 0x00a0: 746d 2d74 312d 312d 6463 322e 6d67 6d74 tm-t1-1-dc2.mgmt 0x00b0: 2e66 756c 6c70 726f 7879 2d6c 6162 732e .fullproxy-labs. 0x00c0: 636f 2e75 6b00 504c 4154 3a20 5a31 3030 co.uk.PLAT:.Z100 0x00d0: 0050 524f 443a 2042 4947 2d49 5000 5345 .PROD:.BIG-IP.SE 0x00e0: 5353 3a20 3000 SS:.0. 20:57:35.166451 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 20:57:35.166486 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 3768668689, win 0, length 0 out slot1/tmm0 lis= 20:57:35.417458 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 20:57:35.417483 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 725762413, win 0, length 0 out slot1/tmm1 lis= 20:57:35.707186 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 20:57:35.707209 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm0 lis= 20:57:35.958859 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 20:57:35.958881 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm1 lis= 20:57:36.247422 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 20:57:36.247466 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm0 lis= 20:57:36.501120 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 20:57:36.501158 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm1 lis= #! Client tries to connect to port 443 when the VS is set to port 443 but with no SSL profile - this produces a conversation with minimal traffic - See below - Followed by an ssldump of the same connection showing the client hello followed by nothing as the VS has no client ssl profile. [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_443_without_Client-ssl_2018-02-28_21\:55\:15.bin reading from file /var/tmp/external_443_without_Client-ssl_2018-02-28_21:55:15.bin, link-type EN10MB (Ethernet) 21:55:15.487030 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 251: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3531 202d 7676 7620 2d6e 6e6e 202d 7330 51.-vvv.-nnn.-s0 0x0030: 202d 7020 2d77 202f 7661 722f 746d 702f .-p.-w./var/tmp/ 0x0040: 6578 7465 726e 616c 5f34 3433 5f77 6974 external_443_wit 0x0050: 686f 7574 5f43 6c69 656e 742d 7373 6c5f hout_Client-ssl_ 0x0060: 3230 3138 2d30 322d 3238 5f32 313a 3535 2018-02-28_21:55 0x0070: 3a31 352e 6269 6e20 686f 7374 2031 3932 :15.bin.host.192 0x0080: 2e31 3638 2e31 3130 2e31 3200 5645 523a .168.110.12.VER: 0x0090: 2031 322e 312e 332e 3120 302e 302e 3900 .12.1.3.1.0.0.9. 0x00a0: 484f 5354 3a20 6c74 6d2d 7431 2d31 2d64 HOST:.ltm-t1-1-d 0x00b0: 6332 2e6d 676d 742e 6675 6c6c 7072 6f78 c2.mgmt.fullprox 0x00c0: 792d 6c61 6273 2e63 6f2e 756b 0050 4c41 y-labs.co.uk.PLA 0x00d0: 543a 205a 3130 3000 5052 4f44 3a20 4249 T:.Z100.PROD:.BI 0x00e0: 472d 4950 0053 4553 533a 2030 00 G-IP.SESS:.0. 21:55:19.586307 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [S], seq 526468216, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 21:55:19.586345 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [S.], seq 4095559000, ack 526468217, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:19.627656 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:19.627815 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags P.], seq 1:169, ack 1, win 64240, length 168 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:19.627826 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:29.669054 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:29.669066 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:39.711098 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:39.711110 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:49.751761 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:49.751773 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:58.585769 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [F.], seq 169, ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:58.585786 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 170, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:58.585790 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [F.], seq 1, ack 170, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 21:55:58.627333 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], ack 2, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector SSLDUMP [donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.110.12 New TCP connection #1: 192.168.110.12(55555) <-> 10.212.0.26(443) 1 1 1519855921.8432 (0.0427) C>SV3.1(163) Handshake ClientHello Version 3.3 random[32]= 06 e1 0c c9 16 05 3a a2 43 ac c0 4a c0 65 4b 82 d4 45 06 df 52 da 8d 3f 90 6f 91 44 bf 46 9d 72 cipher suites TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL Client tries to connect to port 443 again once the SSL profile has been applied - this produces a conversation with a lot more data as the webpage is now being served and recieved - See below - Followed by an ssldump of the same connection showing a full ssl handshake followed by encrypted application data. [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_443_SSLprofile_applied_2018-03-01_11\:43\:51.bin reading from file /var/tmp/external_443_SSLprofile_applied_2018-03-01_11:43:51.bin, link-type EN10MB (Ethernet) 11:43:51.978072 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 234: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3531 202d 7720 2f76 6172 2f74 6d70 2f65 51.-w./var/tmp/e 0x0030: 7874 6572 6e61 6c5f 3434 335f 5353 4c70 xternal_443_SSLp 0x0040: 726f 6669 6c65 5f61 7070 6c69 6564 5f32 rofile_applied_2 0x0050: 3031 382d 3033 2d30 315f 3131 3a34 333a 018-03-01_11:43: 0x0060: 3531 2e62 696e 2068 6f73 7420 3139 322e 51.bin.host.192. 0x0070: 3136 382e 3130 302e 3232 0056 4552 3a20 168.100.22.VER:. 0x0080: 3132 2e31 2e33 2e31 2030 2e30 2e39 0048 12.1.3.1.0.0.9.H 0x0090: 4f53 543a 206c 746d 2d74 312d 312d 6463 OST:.ltm-t1-1-dc 0x00a0: 322e 6d67 6d74 2e66 756c 6c70 726f 7879 2.mgmt.fullproxy 0x00b0: 2d6c 6162 732e 636f 2e75 6b00 504c 4154 -labs.co.uk.PLAT 0x00c0: 3a20 5a31 3030 0050 524f 443a 2042 4947 :.Z100.PROD:.BIG 0x00d0: 2d49 5000 5345 5353 3a20 3000 -IP.SESS:.0. 11:44:18.659827 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [S], seq 2173373102, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 11:44:18.659866 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [S.], seq 1052002990, ack 2173373103, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.700507 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.701331 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [P.], seq 1:180, ack 1, win 64240, length 179 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.704968 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1:1057, ack 180, win 4050, length 1056 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.750412 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [P.], seq 180:498, ack 1057, win 64800, length 318 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.750433 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [.], ack 498, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.753297 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1057:1063, ack 498, win 4547, length 6 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.753304 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1063:1108, ack 498, win 4547, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.794241 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.796563 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [F.], seq 498, ack 1108, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.796576 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [.], ack 499, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.796578 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [F.], seq 1108, ack 499, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:18.838623 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1109, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.625407 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [S], seq 2665896139, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 11:44:21.625507 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [S.], seq 1649784331, ack 2665896140, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.666772 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.667215 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 1:180, ack 1, win 64240, length 179 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.669904 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1:1057, ack 180, win 4050, length 1056 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.715332 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 180:498, ack 1057, win 64800, length 318 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.715369 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 498, win 4547, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.718202 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1057:1063, ack 498, win 4547, length 6 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.718209 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1063:1108, ack 498, win 4547, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.759350 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.760603 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 498:949, ack 1108, win 64749, length 451 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.760610 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 949, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.765205 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1108:1755, ack 949, win 4998, length 647 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.765210 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [F.], seq 1755, ack 949, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.806707 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.807603 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1756, win 64102, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.814426 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [F.], seq 949, ack 1756, win 64102, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.814437 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 950, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.844007 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [S], seq 3461653776, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 11:44:21.844032 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [S.], seq 3059995708, ack 3461653777, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.885414 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.885817 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.885839 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 212, win 4261, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.886898 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.887926 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.928420 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.928594 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.928600 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.928629 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.928643 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.929673 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.929683 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.930966 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [S], seq 4069631451, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 11:44:21.931010 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [S.], seq 2885903674, ack 4069631452, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.970058 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:21.972058 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.972521 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.972565 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:21.973588 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.014671 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.014850 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.014858 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.014981 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.014994 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 263:656, ack 138, win 64103, length 393 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.015004 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 656, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.020772 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 138:1708, ack 656, win 4705, length 1570 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.022851 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 1708:3087, ack 656, win 4705, length 1379 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.026020 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 3087:4466, ack 656, win 4705, length 1379 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.028085 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4466:4479, ack 656, win 4705, length 13 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.029229 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4479:4656, ack 656, win 4705, length 177 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.064502 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 1708, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.067665 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 3087, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.073240 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 4656, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.073256 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4656:7237, ack 656, win 4705, length 2581 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.073259 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 7237:9995, ack 656, win 4705, length 2758 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.073262 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 9995:12753, ack 656, win 4705, length 2758 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.120668 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 7237, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.120674 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 12753:18240, ack 656, win 4705, length 5487 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.124323 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 9995, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.124328 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 18240:22348, ack 656, win 4705, length 4108 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.128117 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 11345, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.128122 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 22348:25077, ack 656, win 4705, length 2729 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.130173 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 12753, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.130178 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 25077:29800, ack 656, win 4705, length 4723 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.167549 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 15453, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.167555 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 29800:33710, ack 656, win 4705, length 3910 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.167563 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [F.], seq 33710, ack 656, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.172328 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 18240, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.175747 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 19590, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.181214 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 22348, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.182522 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 23698, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.185282 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 25077, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.191449 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 27777, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.194209 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 29800, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.215154 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 32500, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.215974 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 32500, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.217459 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 33711, win 63590, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.218504 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [F.], seq 656, ack 33711, win 63590, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.218512 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 657, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.302217 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [S], seq 1239287547, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 11:44:22.302246 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [S.], seq 624260181, ack 1239287548, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.342595 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.343697 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.343716 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 212, win 4261, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.344784 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.345826 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.386048 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.386661 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.386669 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.386874 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.386886 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.387919 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.387931 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.390118 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [S], seq 527761147, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 11:44:22.390166 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [S.], seq 1145275000, ack 527761148, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.428843 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 11:44:22.431307 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.431742 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.431783 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.432806 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.477357 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.477413 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.477423 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.478476 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.478581 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 263:654, ack 138, win 64103, length 391 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.478588 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 654, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.484275 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 138:398, ack 654, win 4703, length 260 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.484278 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [F.], seq 398, ack 654, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.525381 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 399, win 63843, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.528754 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [F.], seq 654, ack 399, win 63843, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 11:44:22.528763 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 655, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector SSLDUMP [donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.100.22 New TCP connection #1: 192.168.100.22(50813) <-> 10.212.0.26(443) 1 1 1519904858.3651 (0.0413) C>SV3.1(174) Handshake ClientHello Version 3.3 random[32]= 6e 8b bd 2d 09 25 17 1e d5 6f 50 b0 76 dc de e4 44 30 52 6c 22 b0 ff 20 b6 bc da 97 69 54 41 40 cipher suites Unknown value 0x6a6a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 1 2 1519904858.3652 (0.0000) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= ce 56 7a 24 dc 45 63 0d 3a 66 33 24 57 ac c4 c0 ec 33 43 4b 0a c4 08 9b 74 76 a5 65 2a 16 3d d8 session_id[32]= 20 ff 53 89 55 a3 a6 cc c9 86 3b 51 7c ab 0e 15 4e 5e e1 3d 98 e2 b5 79 72 61 9d bb cc bb de a5 cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 1 3 1519904858.3652 (0.0000) S>CV3.3(956) Handshake Certificate 1 4 1519904858.3652 (0.0000) S>CV3.3(4) Handshake ServerHelloDone 1 5 1519904858.4139 (0.0487) C>SV3.3(262) Handshake ClientKeyExchange 1 6 1519904858.4139 (0.0000) C>SV3.3(1) ChangeCipherSpec 1 7 1519904858.4139 (0.0000) C>SV3.3(40) Handshake 1 8 1519904858.4163 (0.0023) S>CV3.3(1) ChangeCipherSpec 1 9 1519904858.4163 (0.0000) S>CV3.3(40) Handshake 1 1519904858.4577 (0.0413) C>S TCP FIN 1 1519904858.4577 (0.0000) S>C TCP FIN New TCP connection #2: 192.168.100.22(50814) <-> 10.212.0.26(443) 2 1 1519904858.5034 (0.0422) C>SV3.1(174) Handshake ClientHello Version 3.3 random[32]= 6f 4f ed 9e 9d 0a db dc 2d 62 e2 fd 8b 71 ea 3d d7 43 0c 13 b2 ee 14 0c 25 b1 13 5e fb 6b 01 fb cipher suites Unknown value 0x6a6a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 2 2 1519904858.5034 (0.0000) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= 27 ae 3c 36 29 18 9c 06 c4 4e 34 8f 54 55 5d 98 99 20 38 e0 a8 d6 48 3b 47 70 40 31 b1 0c 24 3e session_id[32]= 5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 2 3 1519904858.5034 (0.0000) S>CV3.3(956) Handshake Certificate 2 4 1519904858.5034 (0.0000) S>CV3.3(4) Handshake ServerHelloDone 2 5 1519904858.5484 (0.0449) C>SV3.3(262) Handshake ClientKeyExchange 2 6 1519904858.5484 (0.0000) C>SV3.3(1) ChangeCipherSpec 2 7 1519904858.5484 (0.0000) C>SV3.3(40) Handshake 2 8 1519904858.5508 (0.0023) S>CV3.3(1) ChangeCipherSpec 2 9 1519904858.5508 (0.0000) S>CV3.3(40) Handshake 2 10 1519904858.5928 (0.0420) C>SV3.3(420) application_data 2 11 1519904858.5986 (0.0057) S>CV3.3(642) application_data 2 1519904858.5986 (0.0000) S>C TCP FIN 2 1519904858.6425 (0.0439) C>S TCP FIN New TCP connection #3: 192.168.100.22(50815) <-> 10.212.0.26(443) 3 1 1519904858.7176 (0.0504) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= 91 ea 5e 27 33 22 81 db 8a c1 44 ba b1 35 5d 46 e3 2c 9c 45 13 f7 7c 17 e8 70 d4 72 fa f1 a8 ab resume [32]= 5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c cipher suites Unknown value 0x9a9a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 3 2 1519904858.7187 (0.0010) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= a3 7f 41 59 73 24 83 2e 60 38 a7 ad b1 ff 73 d7 dd 8f 06 a3 60 6a a0 3e 63 6d d2 26 13 34 d2 21 session_id[32]= 5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 3 3 1519904858.7187 (0.0000) S>CV3.3(1) ChangeCipherSpec 3 4 1519904858.7198 (0.0010) S>CV3.3(40) Handshake 3 5 1519904858.7635 (0.0437) C>SV3.3(1) ChangeCipherSpec 3 6 1519904858.7635 (0.0000) C>SV3.3(40) Handshake 3 1519904858.7637 (0.0001) C>S TCP FIN 3 1519904858.7647 (0.0010) S>C TCP FIN New TCP connection #4: 192.168.100.22(50816) <-> 10.212.0.26(443) 4 1 1519904858.8094 (0.0433) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= e1 a2 46 14 ee 43 4e 01 ab d0 7c c3 ca c0 77 e5 72 09 8a 29 51 85 c1 4a 96 79 70 c9 7b be 62 c0 resume [32]= 5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c cipher suites Unknown value 0xeaea TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 4 2 1519904858.8094 (0.0000) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= a5 72 d9 3c 15 d4 f0 66 5b 33 6c 7b 69 e0 45 3a 78 2c a7 3d 7c 78 7d 42 0e ed 7f ad b7 03 2d d0 session_id[32]= 5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 4 3 1519904858.8094 (0.0000) S>CV3.3(1) ChangeCipherSpec 4 4 1519904858.8104 (0.0010) S>CV3.3(40) Handshake 4 5 1519904858.8515 (0.0410) C>SV3.3(1) ChangeCipherSpec 4 6 1519904858.8515 (0.0000) C>SV3.3(40) Handshake 4 7 1519904858.8525 (0.0010) C>SV3.3(388) application_data 4 8 1519904858.8589 (0.0064) S>CV3.3(1565) application_data 4 9 1519904858.8610 (0.0020) S>CV3.3(1374) application_data 4 10 1519904858.8642 (0.0031) S>CV3.3(1374) application_data 4 11 1519904858.8662 (0.0020) S>CV3.3(1374) application_data 4 12 1519904858.8684 (0.0021) S>CV3.3(1374) application_data 4 13 1519904858.8705 (0.0020) S>CV3.3(1374) application_data 4 14 1519904858.8727 (0.0021) S>CV3.3(1374) application_data 4 15 1519904858.8747 (0.0020) S>CV3.3(1374) application_data 4 16 1519904858.8779 (0.0031) S>CV3.3(1374) application_data 4 17 1519904858.8800 (0.0021) S>CV3.3(1374) application_data 4 18 1519904858.8842 (0.0041) S>CV3.3(2724) application_data 4 19 1519904858.8863 (0.0021) S>CV3.3(1374) application_data 4 20 1519904858.9103 (0.0240) S>CV3.3(2724) application_data 4 21 1519904858.9103 (0.0000) S>CV3.3(1374) application_data 4 22 1519904858.9114 (0.0010) S>CV3.3(2724) application_data 4 23 1519904858.9114 (0.0000) S>CV3.3(2724) application_data 4 24 1519904858.9126 (0.0011) S>CV3.3(2724) application_data 4 25 1519904858.9157 (0.0031) S>CV3.3(2724) application_data 4 26 1519904858.9206 (0.0049) S>CV3.3(454) application_data 4 1519904858.9207 (0.0000) S>C TCP FIN 4 1519904858.9805 (0.0598) C>S TCP FIN Client tries to connect to port 443 again once the SSL profile has been applied to both client and server side (web server still running on port 80). this produces a conversation with little data being send - See below - Followed by an ssldump of the same connection showing a full ssl handshake followed by a reset as no data has been sent. - next the lets check the internal side [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_12018-03-01_12\:35\:15.bin reading from file /var/tmp/external_12018-03-01_12:35:15.bin, link-type EN10MB (Ethernet) 12:35:15.833031 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 242: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3531 202d 6e6e 6e20 2d73 3020 2d76 7676 51.-nnn.-s0.-vvv 0x0030: 202d 7720 2f76 6172 2f74 6d70 2f65 7874 .-w./var/tmp/ext 0x0040: 6572 6e61 6c5f 3132 3031 382d 3033 2d30 ernal_12018-03-0 0x0050: 315f 3132 3a33 353a 3135 2e62 696e 2068 1_12:35:15.bin.h 0x0060: 6f73 7420 3139 322e 3136 382e 3130 302e ost.192.168.100. 0x0070: 3232 2061 6e64 2031 302e 3231 322e 302e 22.and.10.212.0. 0x0080: 3236 0056 4552 3a20 3132 2e31 2e33 2e31 26.VER:.12.1.3.1 0x0090: 2030 2e30 2e39 0048 4f53 543a 206c 746d .0.0.9.HOST:.ltm 0x00a0: 2d74 312d 312d 6463 322e 6d67 6d74 2e66 -t1-1-dc2.mgmt.f 0x00b0: 756c 6c70 726f 7879 2d6c 6162 732e 636f ullproxy-labs.co 0x00c0: 2e75 6b00 504c 4154 3a20 5a31 3030 0050 .uk.PLAT:.Z100.P 0x00d0: 524f 443a 2042 4947 2d49 5000 5345 5353 ROD:.BIG-IP.SESS 0x00e0: 3a20 3000 :.0. 12:35:18.384754 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [S], seq 2907513654, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 12:35:18.384819 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [S.], seq 269310390, ack 2907513655, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.426137 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.427212 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.427322 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.428369 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.469259 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.469705 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.469713 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.469741 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.469755 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.470794 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.470807 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.471570 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [S], seq 1493786258, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 12:35:18.471598 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [S.], seq 3274282386, ack 1493786259, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.512306 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.513446 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.513909 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.513925 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 212, win 4261, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.514997 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.516033 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.556428 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.556896 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.556904 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.557726 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.557745 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 263:688, ack 138, win 64103, length 425 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.557763 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 688, win 4737, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.560413 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [R.], seq 138, ack 688, win 0, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.711438 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [S], seq 564701516, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 12:35:18.711487 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [S.], seq 3707234989, ack 564701517, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.752134 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.752806 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.752856 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.753887 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.795159 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.795335 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.795343 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.795377 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.795393 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.796426 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.796438 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.797681 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [S], seq 2722333784, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 12:35:18.797707 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [S.], seq 1276667065, ack 2722333785, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.837247 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:35:18.839021 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.839454 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.839471 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 212, win 4261, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.840528 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.841567 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.882063 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.882513 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.882519 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.883341 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.883357 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 263:714, ack 138, win 64103, length 451 in slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.883373 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 714, win 4763, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 12:35:18.885895 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [R.], seq 138, ack 714, win 0, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector [donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.100.22 New TCP connection #1: 192.168.100.22(51070) <-> 10.212.0.26(443) 1 1 1519907670.1946 (0.0415) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= 03 62 de 12 86 d3 db aa 54 40 61 d5 03 4d 83 a5 07 8c a8 ce 5b 9f 5f d0 11 69 f4 5e b3 a9 44 3f resume [32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipher suites Unknown value 0xa0a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 1 2 1519907670.1957 (0.0011) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= 3a c3 8b ba 3e 00 7a 72 ee 5c c2 5b 22 da 42 1f 02 9d 26 26 c4 99 b2 5d 04 05 cf 94 cb b3 c2 54 session_id[32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 1 3 1519907670.1957 (0.0000) S>CV3.3(1) ChangeCipherSpec 1 4 1519907670.1967 (0.0010) S>CV3.3(40) Handshake 1 5 1519907670.2402 (0.0435) C>SV3.3(1) ChangeCipherSpec 1 6 1519907670.2402 (0.0000) C>SV3.3(40) Handshake 1 1519907670.2406 (0.0003) C>S TCP FIN 1 1519907670.2406 (0.0000) S>C TCP FIN New TCP connection #2: 192.168.100.22(51071) <-> 10.212.0.26(443) 2 1 1519907670.2835 (0.0418) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= 94 52 95 2a c2 b8 4c d7 c5 e5 2c 5c b2 0a 91 38 2b cb 47 ef 1f e3 f9 25 c4 ba 11 3a 3b 2d 4c 8b resume [32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipher suites Unknown value 0x9a9a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 2 2 1519907670.2836 (0.0000) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= b4 07 84 6a 48 40 3e 56 8c 2e 71 0f a5 46 17 d1 fd 2f fe 03 9e ce 11 a5 74 b9 36 e1 11 02 5c cf session_id[32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 2 3 1519907670.2836 (0.0000) S>CV3.3(1) ChangeCipherSpec 2 4 1519907670.2842 (0.0005) S>CV3.3(40) Handshake 2 5 1519907670.3254 (0.0412) C>SV3.3(1) ChangeCipherSpec 2 6 1519907670.3254 (0.0000) C>SV3.3(40) Handshake 2 7 1519907670.3260 (0.0006) C>SV3.3(420) application_data 2 1519907670.3287 (0.0026) S>C TCP RST New TCP connection #3: 192.168.100.22(51072) <-> 10.212.0.26(443) 3 1 1519907670.5215 (0.0415) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= 4f 8e cd 0a aa 7a 92 24 47 0b 5b 06 53 60 0c 32 9f 2c 1f a6 e1 30 7e c1 97 27 86 3b 77 f9 93 69 resume [32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipher suites Unknown value 0x4a4a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 3 2 1519907670.5226 (0.0010) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= a3 0e 13 4a cf 5d 9e 80 5e 3b 22 32 2a 45 8c 08 d3 2e 67 51 ea 9b 1d 74 65 5f 6b b0 a4 3b 0e 05 session_id[32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 3 3 1519907670.5226 (0.0000) S>CV3.3(1) ChangeCipherSpec 3 4 1519907670.5237 (0.0010) S>CV3.3(40) Handshake 3 5 1519907670.5672 (0.0435) C>SV3.3(1) ChangeCipherSpec 3 6 1519907670.5672 (0.0000) C>SV3.3(40) Handshake 3 1519907670.5677 (0.0004) C>S TCP FIN 3 1519907670.5688 (0.0010) S>C TCP FIN New TCP connection #4: 192.168.100.22(51073) <-> 10.212.0.26(443) 4 1 1519907670.6111 (0.0423) C>SV3.1(206) Handshake ClientHello Version 3.3 random[32]= 7a ca 0d 48 0e 24 10 df 73 38 b9 89 e6 dd 10 fc 1c 4e f3 1a 68 b2 97 16 17 f3 6c ce d4 82 ea b7 resume [32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipher suites Unknown value 0x7a7a TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Unknown value 0xcca9 Unknown value 0xcca8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 4 2 1519907670.6111 (0.0000) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= 5e 09 e8 b7 09 dd 55 0e 63 3f 76 74 ae b0 1d 0d 64 00 29 a3 25 71 99 2e 1b 3b 33 cf 63 c5 b3 0f session_id[32]= 04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89 15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19 cipherSuite TLS_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 4 3 1519907670.6111 (0.0000) S>CV3.3(1) ChangeCipherSpec 4 4 1519907670.6122 (0.0010) S>CV3.3(40) Handshake 4 5 1519907670.6531 (0.0409) C>SV3.3(1) ChangeCipherSpec 4 6 1519907670.6531 (0.0000) C>SV3.3(40) Handshake 4 7 1519907670.6540 (0.0009) C>SV3.3(446) application_data 4 1519907670.6570 (0.0030) S>C TCP RST Client tries to connect to port 443 again once the SSL profile has been applied to both client and server side (web server still running on port 80). this produces a short conversation ending with a reset, signaling an error - See below - Followed by an ssldump of the same connection showing failure as the client (the F5) is trying to start and ssl handshake with a server on port 80 (unencrypted) [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/internal_12018-03-01_12\:48\:57.bin reading from file /var/tmp/internal_12018-03-01_12:48:57.bin, link-type EN10MB (Ethernet) 12:48:57.173959 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 241: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3231 3032 202d 6e6e 6e20 2d73 3020 2d76 2102.-nnn.-s0.-v 0x0030: 7676 202d 7720 2f76 6172 2f74 6d70 2f69 vv.-w./var/tmp/i 0x0040: 6e74 6572 6e61 6c5f 3132 3031 382d 3033 nternal_12018-03 0x0050: 2d30 315f 3132 3a34 383a 3537 2e62 696e -01_12:48:57.bin 0x0060: 2068 6f73 7420 3130 2e31 3032 2e30 2e31 .host.10.102.0.1 0x0070: 3020 616e 6420 3130 2e31 3032 2e30 2e32 0.and.10.102.0.2 0x0080: 3600 5645 523a 2031 322e 312e 332e 3120 6.VER:.12.1.3.1. 0x0090: 302e 302e 3900 484f 5354 3a20 6c74 6d2d 0.0.9.HOST:.ltm- 0x00a0: 7431 2d31 2d64 6332 2e6d 676d 742e 6675 t1-1-dc2.mgmt.fu 0x00b0: 6c6c 7072 6f78 792d 6c61 6273 2e63 6f2e llproxy-labs.co. 0x00c0: 756b 0050 4c41 543a 205a 3130 3000 5052 uk.PLAT:.Z100.PR 0x00d0: 4f44 3a20 4249 472d 4950 0053 4553 533a OD:.BIG-IP.SESS: 0x00e0: 2030 00 .0. 12:49:35.271751 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [S], seq 484841221, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.271904 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [S.], seq 1085124411, ack 484841222, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.271910 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [.], ack 1, win 4050, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.271919 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [P.], seq 1:143, ack 1, win 4050, length 142: HTTP out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.273104 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [.], ack 143, win 5360, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.273266 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [P.], seq 1:225, ack 143, win 5360, length 224: HTTP: HTTP/1.0 400 Bad Request in slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.273299 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [P.], seq 143:150, ack 225, win 4050, length 7: HTTP out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.273319 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [R.], seq 150, ack 225, win 0, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 12:49:35.274348 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [F.], seq 225, ack 143, win 5360, length 0 in slot1/tmm0 lis= 12:49:35.274389 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [R.], seq 143, ack 226, win 0, length 0 out slot1/tmm0 lis= 12:49:35.274510 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [R], seq 1085124636, win 0, length 0 in slot1/tmm0 lis= [donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl2102 host 10.102.0.10 New TCP connection #1: 10.102.0.10(42606) <-> 10.102.0.26(80) 1 1 1519908883.3629 (0.0001) C>SV3.1(137) Handshake ClientHello Version 3.3 random[32]= 55 01 96 b5 03 b1 3c a6 a3 32 0f a2 a8 b6 29 7a 90 65 3c b5 d9 29 da 54 54 cf f5 76 ed 6d 77 35 cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL Unknown SSL content type 72 1 2 1519908883.3643 (0.0013) S>CShort record 1 1519908883.3643 (0.0000) S>C TCP FIN 1 3 1519908883.3643 (0.0000) C>SV3.1(2) Alert level fatal value handshake_failure 1 1519908883.3643 (0.0000) C>S TCP RST Client tries to connect to port 443 again, the web server is now running on port 443. This produces a normal conversation - See below - Followed by an ssldump of the same connection showing the client (the F5) establishing a successful ssl handshake with a server on port 443 [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/internal_42018-03-01_16\:13\:10.bin reading from file /var/tmp/internal_42018-03-01_16:13:10.bin, link-type EN10MB (Ethernet) 16:13:11.003644 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 262: 0x0000: 4635 2d50 7365 7564 6f2d 706b 7400 434d F5-Pseudo-pkt.CM 0x0010: 443a 2074 6370 6475 6d70 202d 6920 766c D:.tcpdump.-i.vl 0x0020: 3231 3032 202d 6e6e 6e20 2d73 3020 2d76 2102.-nnn.-s0.-v 0x0030: 7676 202d 7720 2f76 6172 2f74 6d70 2f69 vv.-w./var/tmp/i 0x0040: 6e74 6572 6e61 6c5f 3432 3031 382d 3033 nternal_42018-03 0x0050: 2d30 315f 3136 3a31 333a 3130 2e62 696e -01_16:13:10.bin 0x0060: 206e 6574 2031 302e 3130 322e 302e 302f .net.10.102.0.0/ 0x0070: 3234 2061 6e64 206e 6f74 2068 6f73 7420 24.and.not.host. 0x0080: 3130 2e31 3032 2e30 2e31 2061 6e64 206e 10.102.0.1.and.n 0x0090: 6f74 2061 7270 0056 4552 3a20 3132 2e31 ot.arp.VER:.12.1 0x00a0: 2e33 2e31 2030 2e30 2e39 0048 4f53 543a .3.1.0.0.9.HOST: 0x00b0: 206c 746d 2d74 312d 312d 6463 322e 6d67 .ltm-t1-1-dc2.mg 0x00c0: 6d74 2e66 756c 6c70 726f 7879 2d6c 6162 mt.fullproxy-lab 0x00d0: 732e 636f 2e75 6b00 504c 4154 3a20 5a31 s.co.uk.PLAT:.Z1 0x00e0: 3030 0050 524f 443a 2042 4947 2d49 5000 00.PROD:.BIG-IP. 0x00f0: 5345 5353 3a20 3000 SESS:.0. 16:13:21.166355 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [S], seq 465669175, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.166475 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [S.], seq 256616424, ack 465669176, win 29200, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.166482 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.166499 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 1:143, ack 1, win 4050, length 142 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.167582 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 143, win 30016, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.171861 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], seq 1:1351, ack 143, win 30016, length 1350 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.171865 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1351:1599, ack 143, win 30016, length 248 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.172963 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1599, win 5648, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.182784 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 143:416, ack 1599, win 5648, length 273 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.182822 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 416:461, ack 1599, win 5648, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.186188 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 461, win 31088, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.186191 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1599:1650, ack 461, win 31088, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.186197 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1650, win 5699, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.186476 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1650, win 5699, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.186505 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 461:886, ack 1650, win 5699, length 425 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.187052 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1650:2308, ack 886, win 32160, length 658 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:21.187061 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2308, win 6357, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.129438 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 2308:2339, ack 886, win 32160, length 31 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.129445 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [F.], seq 2339, ack 886, win 32160, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.129462 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2339, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.129467 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [F.], seq 886, ack 2339, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.129474 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2340, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 16:13:26.130570 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 887, win 32160, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector SSLdump donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -Aed -i vl2102 net 10.102.0.0/24 New TCP connection #1: 10.102.0.14(53666) <-> 10.102.0.34(443) 1 1 1519921352.3464 (0.0002) C>SV3.1(137) Handshake ClientHello Version 3.3 random[32]= 38 d5 85 07 22 41 3f 64 3f ce 23 62 fd 24 10 c7 84 0d 74 a5 f6 3e bf 59 c1 92 7e 09 82 74 55 29 cipher suites TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL 1 2 1519921352.3554 (0.0090) S>CV3.3(81) Handshake ServerHello Version 3.3 random[32]= 9e f3 c6 fd 39 5c 53 50 6c 18 92 d9 cb 8f 28 98 00 e0 c5 9a 19 33 ce f8 30 99 97 3e 9d 4a 34 03 session_id[32]= d9 2a 52 bf 6b 77 0d 50 d0 9b c5 30 d1 82 4f 0d 74 92 a6 90 c4 c7 95 4b b1 9a 12 33 ce ae 42 bf cipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 compressionMethod NULL 1 3 1519921352.3554 (0.0000) S>CV3.3(710) Handshake Certificate 1 4 1519921352.3564 (0.0010) S>CV3.3(783) Handshake ServerKeyExchange 1 5 1519921352.3564 (0.0000) S>CV3.3(4) Handshake ServerHelloDone 1 6 1519921352.3663 (0.0098) C>SV3.3(262) Handshake ClientKeyExchange 1 7 1519921352.3663 (0.0000) C>SV3.3(1) ChangeCipherSpec 1 8 1519921352.3663 (0.0000) C>SV3.3(40) Handshake 1 9 1519921352.3735 (0.0071) S>CV3.3(1) ChangeCipherSpec 1 10 1519921352.3735 (0.0000) S>CV3.3(40) Handshake 1 11 1519921352.3745 (0.0010) C>SV3.3(446) application_data 1 12 1519921352.3752 (0.0006) S>CV3.3(361) application_data 1 13 1519921352.3752 (0.0000) S>CV3.3(250) application_data 1 14 1519921352.3752 (0.0000) S>CV3.3(32) application_data New TCP connection #2: 10.102.0.1(52179) <-> 10.102.0.34(443) Back to an unencrypted connection external and internal conversation between the PC<-80->F5(snat REMOVED)<-80->WebServer This show the client 192.168.100.22 talking to the F5 10.212.0.26 then the webserver responding directly back through the F5, as the webserver has a default gateway of the F5 selfIP [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -i 0.0 host 192.168.100.22 -nnn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes 19:57:25.690711 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [S], seq 1689317203, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis= 19:57:25.690809 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [S.], seq 4240572499, ack 1689317204, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.731359 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.731911 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [P.], seq 1:469, ack 1, win 64240, length 468: HTTP: GET / HTTP/1.1 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.731940 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [S], seq 3095608729, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.731943 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [.], ack 469, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.732486 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [S.], seq 4180300829, ack 3095608730, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.732492 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.732499 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [P.], seq 1:469, ack 1, win 4050, length 468: HTTP: GET / HTTP/1.1 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733029 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [.], ack 469, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733299 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [P.], seq 1:190, ack 469, win 5360, length 189: HTTP: HTTP/1.0 200 OK in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733301 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [FP.], seq 190:619, ack 469, win 5360, length 429: HTTP in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733310 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 190, win 4239, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733313 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [P.], seq 1:619, ack 469, win 4518, length 618: HTTP: HTTP/1.0 200 OK out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733317 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.733320 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [F.], seq 619, ack 469, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.778748 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.779529 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 620, win 63622, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.780833 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [F.], seq 469, ack 620, win 63622, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.780839 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [.], ack 470, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.780842 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [F.], seq 469, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector 19:57:25.781375 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [.], ack 470, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector Same conversation as above between the PC<-80->F5(snat REMOVED)<-80->WebServer, although this time the server doesn't have a gateway of the F5. Notice the 3 syn packets coming from the PC, this is the packet from the internal side of the F5 sending a packet to the webserver although it doesn't see the reply as there is no NAT and the webserver doesn't have a default gateway of the F5 [donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -i 0.0 host 192.168.100.22 -nnn tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes 20:15:30.912523 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [S], seq 4159471861, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis= 20:15:30.912585 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [S.], seq 4181511221, ack 4159471862, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:30.955758 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:30.956317 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [P.], seq 1:469, ack 1, win 64240, length 468: HTTP: GET / HTTP/1.1 in slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:30.956417 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:30.956427 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [.], ack 469, win 4518, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:33.956597 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:36.956848 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:39.956761 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector 20:15:42.956867 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [R.], seq 1, ack 469, win 0, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector |
F5 cli upgrade
scp -r BIGIP-12.1.3.1-0.0.9.iso donald@172.16.51.15:/shared/images tmsh install sys software image BIGIP-12.1.3.1-0.0.9.iso create-volume volume HD1.3 tmsh show sys software tailf /var/log/liveinstall.log bash switchboot -b HD1.3 tmsh reboot volume HD1.3 |
Usefull Linux Commands
Openssl s_client
openssl s_client -connect 10.211.0.3:443 | openssl x509 -purpose openssl s_client -connect 10.150.232.96:443 -showcerts #show dates openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -dates notBefore=Oct 10 20:04:26 2015 GMT notAfter=Oct 9 20:04:26 2017 GMT openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -issuer openssl s_client -connect 10.240.89.254:3041 | openssl x509 #nearly all details openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -text https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/ |
1-10 of 25