F5 DUMP


Ansible and F5

posted 3 May 2018, 07:01 by Donald Ross   [ updated 3 May 2018, 13:41 ]

~~~~~still to edit~~~~~~~

Install OS - Ubuntu 16.04    #https://github.com/npearce/F5-iApps_and_Ansible-playbooks

download ansible-tower setup

wget "http://releases.ansible.com/ansible-tower/setup/ansible-tower-setup-latest.tar.gz" 

Setup - 
http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html
http://docs.ansible.com/ansible-tower/3.0.3/html/quickstart/index.html

tar xvf ansible-tower-setup-latest.tar.gz
cd ansible-tower-setup-3.2.4/
sudo nano inventory
-enter passwords in any password field
sudo ./setup.sh

sudo apt install python3-pip
sudo apt install python-pip
sudo pip install f5-sdk bigsuds netaddr deepdiffnetaddr deepdiff

login in and request license and add-
*video*

basic setup referance
https://www.youtube.com/watch?v=eu_95ItWmyE


https://devcentral.f5.com/articles/dig-deeper-into-ansible-and-f5-integration-25984


ref:
https://github.com/payalsin/f5-ansible/tree/master/playbooks

https://devcentral.f5.com/articles/dig-deeper-into-ansible-and-f5-integration-25984

http://jsonviewer.stack.hu/

https://jsonformatter.org/yaml-validator

http://warfares.github.io/pretty-json/

https://github.com/F5Networks/f5-ansible/tree/devel/library/modules

https://www.youtube.com/watch?v=TsUIRtT80QU

http://appsvcs-integration-iapp.readthedocs.io/en/develop/userguide/module1/module1.html






F5 SNMP

posted 20 Mar 2018, 03:49 by Donald Ross   [ updated 20 Mar 2018, 04:22 ]


On Ubuntu install snmpwalk using
apt-get install snmp

On Ubuntu install snmpwalk using
snmpwalk -v2c -c public 192.168.2.21

snmpwalk -v2c -c  SNMP_Community1   192.168.2.1 1.3.6.1.4.1.21067.2.1.2.4.2


https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-external-monitoring-implementations-11-3-0/8.html


F5 logs

posted 20 Mar 2018, 03:47 by Donald Ross

*** add some more info***

View zipped log
zcat ltm.1.gz

F5 connection table

posted 1 Mar 2018, 08:51 by Donald Ross   [ updated 1 Mar 2018, 09:40 ]

#delete connection
tmsh delete /sys connection cs-client-addr  172.10.50.20
#show connections
show sys connection cs-client-addr 192.168.100.22
#Other options
Options:
  all-properties   exa              kil              peta             save-to-file     yotta            |
  default          gig              meg              raw              tera             zetta
Properties:
  age              cs-client-addr   cs-server-addr   protocol         ss-client-port   ss-server-port   {
  connection-id    cs-client-port   cs-server-port   ss-client-addr   ss-server-addr   type

 show sys connection all-properties

#Examples

show sys connection

Really display all connections? (y/n) y
Sys::Connections
10.102.0.1:58776     10.102.0.26:8       10.102.0.1:58776     10.102.0.26:8       icmp  4  (tmm: 0)  none
192.168.51.11:56627  192.168.51.15:4353  192.168.51.11:56627  192.168.51.15:4353  tcp   2  (tmm: 0)  none
10.102.0.1:58775  10.102.0.26:8  10.102.0.1:58775  10.102.0.26:8  icmp  9  (tmm: 1)  none
Total records returned: 3

donald@(ltm-t1-1-dc2)(cfg-sync Standalone)(Active)(/Common)(tmos)# show sys connection all-properties

Really display all connections? (y/n) y
Sys::Connections
10.102.0.1:58784 - 10.102.0.26:8 - 10.102.0.1:58784 - 10.102.0.26:8
-------------------------------------------------------------------
  TMM           0
  Type          self
  Acceleration  none
  Protocol      icmp
  Idle Time     5
  Idle Timeout  10
  Unit ID       0
  Lasthop       /Common/vl2102 00:50:56:ab:fc:78
  Virtual Path  10.102.0.26:8
  Conn Id 0

                     ClientSide        ServerSide
  Client Addr  10.102.0.1:58784  10.102.0.1:58784
  Server Addr     10.102.0.26:8     10.102.0.26:8
  Bits In                   320               320
  Bits Out                  320               320
  Packets In                  1                 1
  Packets Out                 1                 1

192.168.51.11:56627 - 192.168.51.15:4353 - 192.168.51.11:56627 - 192.168.51.15:4353
-----------------------------------------------------------------------------------
  TMM           0
  Type          self
  Acceleration  none
  Protocol      tcp
  Idle Time     2
  Idle Timeout  300
  Unit ID       0
  Lasthop       /Common/vl51 00:50:56:ab:8e:45
  Virtual Path  192.168.51.15:4353
  Conn Id 0

                        ClientSide           ServerSide
  Client Addr  192.168.51.11:56627  192.168.51.11:56627
  Server Addr   192.168.51.15:4353   192.168.51.15:4353
  Bits In                    97.8M               104.7M
  Bits Out                  104.7M                97.8M
  Packets In                140.7K               140.6K
  Packets Out               140.6K               140.7K

10.102.0.1:58783 - 10.102.0.26:8 - 10.102.0.1:58783 - 10.102.0.26:8
-------------------------------------------------------------------
  TMM           1
  Type          self
  Acceleration  none
  Protocol      icmp
  Idle Time     10
  Idle Timeout  10
  Unit ID       0
  Lasthop       /Common/vl2102 00:50:56:ab:fc:78
  Virtual Path  10.102.0.26:8
  Conn Id 0

                     ClientSide        ServerSide
  Client Addr  10.102.0.1:58783  10.102.0.1:58783
  Server Addr     10.102.0.26:8     10.102.0.26:8
  Bits In                   320               320
  Bits Out                  320               320
  Packets In                  1                 1
  Packets Out                 1                 1

Total records returned: 3


Lets Encrypt Now!

posted 1 Mar 2018, 06:14 by Donald Ross


F5 TCPdump examples

posted 1 Mar 2018, 06:12 by Donald Ross   [ updated 1 Mar 2018, 13:17 ]

Wireshark tips
-Add delta time column

SSLdump nuggets
-Version 3.0 =  SSLv3,
-Version 3.1 = TLS 1.0
-Version 3.2 = TLS 1.1
-Version 3.3 = TLS 1.2


Breaking Down the TLS Handshake



TCPdump

This first dump show the external and internal conversation between the PC<-80->F5(snat)<-80->WebServer

External
donald@R2-D3:~/TCPdump_F5_301b/test80_80$ tcpdump -r 2018-02-28_19\:18\:29_external.bin
reading from file 2018-02-28_19:18:29_external.bin, link-type EN10MB (Ethernet)
19:18:29.068432 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 248:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3531 202d 6320 3130 3020 2d6e 6e6e 202d  51.-c.100.-nnn.-
        0x0030:  7330 202d 7676 7620 2d77 202f 7661 722f  s0.-vvv.-w./var/
        0x0040:  746d 702f 3230 3138 2d30 322d 3238 5f31  tmp/2018-02-28_1
        0x0050:  393a 3138 3a32 395f 6578 7465 726e 616c  9:18:29_external
        0x0060:  2e62 696e 2068 6f73 7420 3139 322e 3136  .bin.host.192.16
        0x0070:  382e 3130 302e 3232 2061 6e64 2031 302e  8.100.22.and.10.
        0x0080:  3231 322e 302e 3236 0056 4552 3a20 3132  212.0.26.VER:.12
        0x0090:  2e31 2e33 2e31 2030 2e30 2e39 0048 4f53  .1.3.1.0.0.9.HOS
        0x00a0:  543a 206c 746d 2d74 312d 312d 6463 322e  T:.ltm-t1-1-dc2.
        0x00b0:  6d67 6d74 2e66 756c 6c70 726f 7879 2d6c  mgmt.fullproxy-l
        0x00c0:  6162 732e 636f 2e75 6b00 504c 4154 3a20  abs.co.uk.PLAT:.
        0x00d0:  5a31 3030 0050 524f 443a 2042 4947 2d49  Z100.PROD:.BIG-I
        0x00e0:  5000 5345 5353 3a20 3000                 P.SESS:.0.
19:18:54.400032 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [S], seq 1099534812, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0
19:18:54.400099 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [S.], seq 2915381692, ack 1099534813, win 4050, options [mss 1460,sackOK,eol], length 0
19:18:54.441192 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [.], ack 1, win 64240, length 0
19:18:54.441798 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [P.], seq 1:393, ack 1, win 64240, length 392: HTTP: GET / HTTP/1.1
19:18:54.441856 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [.], ack 393, win 4442, length 0
19:18:54.445450 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [P.], seq 1:619, ack 393, win 4442, length 618: HTTP: HTTP/1.0 200 OK
19:18:54.445460 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [F.], seq 619, ack 393, win 4442, length 0
19:18:54.491530 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [F.], seq 393, ack 619, win 63622, length 0
19:18:54.491543 IP 10.212.0.26.http > 192.168.100.22.61957: Flags [.], ack 394, win 4442, length 0
19:18:54.491635 IP 192.168.100.22.61957 > 10.212.0.26.http: Flags [.], ack 620, win 63622, length 0
19:18:54.507629 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [S], seq 3928284592, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0
19:18:54.507687 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [S.], seq 2719480176, ack 3928284593, win 4050, options [mss 1460,sackOK,eol], length 0
19:18:54.549505 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 1, win 64240, length 0
19:18:54.549956 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [P.], seq 1:360, ack 1, win 64240, length 359: HTTP: GET /FullProxy.png HTTP/1.1
19:18:54.550011 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [.], ack 360, win 4409, length 0
19:18:54.553961 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 1:1542, ack 360, win 4409, length 1541: HTTP: HTTP/1.0 200 OK
19:18:54.557058 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 1542:2892, ack 360, win 4409, length 1350: HTTP
19:18:54.559208 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 2892:4242, ack 360, win 4409, length 1350: HTTP
19:18:54.561271 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 4242:4382, ack 360, win 4409, length 140: HTTP
19:18:54.597726 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 1542, win 64800, length 0
19:18:54.604999 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 4382, win 64800, length 0
19:18:54.607053 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 4382:6942, ack 360, win 4409, length 2560: HTTP
19:18:54.607058 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 6942:12342, ack 360, win 4409, length 5400: HTTP
19:18:54.653738 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 6942, win 64800, length 0
19:18:54.653746 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 12342:17742, ack 360, win 4409, length 5400: HTTP
19:18:54.658839 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 9642, win 64800, length 0
19:18:54.658845 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 17742:21792, ack 360, win 4409, length 4050: HTTP
19:18:54.663671 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 12342, win 64800, length 0
19:18:54.663676 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 21792:27192, ack 360, win 4409, length 5400: HTTP
19:18:54.700822 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 15042, win 64800, length 0
19:18:54.700829 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [P.], seq 27192:33022, ack 360, win 4409, length 5830: HTTP
19:18:54.700837 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [F.], seq 33022, ack 360, win 4409, length 0
19:18:54.705380 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 17742, win 64800, length 0
19:18:54.710824 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 20442, win 64800, length 0
19:18:54.719002 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 23142, win 64800, length 0
19:18:54.721754 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 25842, win 64800, length 0
19:18:54.745892 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 28542, win 64800, length 0
19:18:54.750427 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 31242, win 64800, length 0
19:18:54.753871 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [.], ack 33023, win 64800, length 0
19:18:54.753913 IP 192.168.100.22.61958 > 10.212.0.26.http: Flags [F.], seq 360, ack 33023, win 64800, length 0
19:18:54.753919 IP 10.212.0.26.http > 192.168.100.22.61958: Flags [.], ack 361, win 4409, length 0

Internal

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -i vl2102 host 10.102.0.10 and 10.102.0.26 -nnn -s0 -vvv
tcpdump: listening on vl2102, link-type EN10MB (Ethernet), capture size 65535 bytes
^[[15~17:53:41.526913 IP (tos 0x0, ttl 255, id 48655, offset 0, flags [DF], proto TCP (6), length 48)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [S], cksum 0x1512 (incorrect -> 0xffa8), seq 1889474781, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.528978 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 10.102.0.10 tell 10.102.0.26, length 53 in slot1/tmm0 lis=
17:53:41.528998 ARP, Ethernet (len 6), IPv4 (len 4), Reply 10.102.0.10 is-at 00:50:56:ab:fc:78, length 53 out slot1/tmm0 lis=
17:53:41.529791 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 48)
    10.102.0.26.80 > 10.102.0.10.54871: Flags [S.], cksum 0x2992 (correct), seq 3730044152, ack 1889474782, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.529801 IP (tos 0x0, ttl 255, id 48659, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x57a0), seq 1, ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.529808 IP (tos 0x0, ttl 255, id 48661, offset 0, flags [DF], proto TCP (6), length 475)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [P.], cksum 0x16bd (incorrect -> 0x78b4), seq 1:436, ack 1, win 4050, length 435: HTTP, length: 435
        GET / HTTP/1.1
        Host: 10.212.0.26
        Connection: keep-alive
        Pragma: no-cache
        Cache-Control: no-cache
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
        Upgrade-Insecure-Requests: 1
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
        Accept-Encoding: gzip, deflate
        Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
         out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.530918 IP (tos 0x0, ttl 64, id 55721, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.26.80 > 10.102.0.10.54871: Flags [.], cksum 0x50cf (correct), seq 1, ack 436, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.531218 IP (tos 0x0, ttl 64, id 55722, offset 0, flags [DF], proto TCP (6), length 229)
    10.102.0.26.80 > 10.102.0.10.54871: Flags [P.], cksum 0x6fc4 (correct), seq 1:190, ack 436, win 5360, length 189: HTTP, length: 189
        HTTP/1.0 200 OK
        Content-type: text/html
        Date: Thu, 01 Mar 2018 18:44:43 GMT
        Connection: close
        Accept-Ranges: bytes
        Last-Modified: Wed, 21 Feb 2018 15:20:13 GMT
        Content-length: 429
         in slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.531220 IP (tos 0x0, ttl 64, id 55723, offset 0, flags [DF], proto TCP (6), length 469)
    10.102.0.26.80 > 10.102.0.10.54871: Flags [FP.], cksum 0x3ba4 (correct), seq 190:619, ack 436, win 5360, length 429: HTTP in slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.531231 IP (tos 0x0, ttl 255, id 48666, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x5473), seq 436, ack 190, win 4239, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.531238 IP (tos 0x0, ttl 255, id 48669, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [.], cksum 0x150a (incorrect -> 0x5118), seq 436, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.623604 IP (tos 0x0, ttl 255, id 48673, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.10.54871 > 10.102.0.26.80: Flags [F.], cksum 0x150a (incorrect -> 0x5117), seq 436, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
17:53:41.624147 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.102.0.26.80 > 10.102.0.10.54871: Flags [.], cksum 0x4e63 (correct), seq 620, ack 437, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
^C
13 packets captured
13 packets received by filter
0 packets dropped by kernel



Client tries to connect to port 80 when the VS is set to port 443 - this produces a repeated SYN [S] from the client and a RESET ACK [R.] from the F5 - See below

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_80_should_be_4432018-02-28_20\:57\:28.bin
reading from file /var/tmp/external_80_should_be_4432018-02-28_20:57:28.bin, link-type EN10MB (Ethernet)
20:57:28.112772 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 244:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3531 202d 7676 7620 2d6e 6e6e 202d 7330  51.-vvv.-nnn.-s0
        0x0030:  202d 7020 2d77 202f 7661 722f 746d 702f  .-p.-w./var/tmp/
        0x0040:  6578 7465 726e 616c 5f38 305f 7368 6f75  external_80_shou
        0x0050:  6c64 5f62 655f 3434 3332 3031 382d 3032  ld_be_4432018-02
        0x0060:  2d32 385f 3230 3a35 373a 3238 2e62 696e  -28_20:57:28.bin
        0x0070:  2068 6f73 7420 3139 322e 3136 382e 3130  .host.192.168.10
        0x0080:  302e 3232 0056 4552 3a20 3132 2e31 2e33  0.22.VER:.12.1.3
        0x0090:  2e31 2030 2e30 2e39 0048 4f53 543a 206c  .1.0.0.9.HOST:.l
        0x00a0:  746d 2d74 312d 312d 6463 322e 6d67 6d74  tm-t1-1-dc2.mgmt
        0x00b0:  2e66 756c 6c70 726f 7879 2d6c 6162 732e  .fullproxy-labs.
        0x00c0:  636f 2e75 6b00 504c 4154 3a20 5a31 3030  co.uk.PLAT:.Z100
        0x00d0:  0050 524f 443a 2042 4947 2d49 5000 5345  .PROD:.BIG-IP.SE
        0x00e0:  5353 3a20 3000                           SS:.0.
20:57:35.166451 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
20:57:35.166486 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 3768668689, win 0, length 0 out slot1/tmm0 lis=
20:57:35.417458 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
20:57:35.417483 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 725762413, win 0, length 0 out slot1/tmm1 lis=
20:57:35.707186 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
20:57:35.707209 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm0 lis=
20:57:35.958859 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
20:57:35.958881 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm1 lis=
20:57:36.247422 IP 192.168.100.22.63144 > 10.212.0.26.http: Flags [S], seq 3768668688, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
20:57:36.247466 IP 10.212.0.26.http > 192.168.100.22.63144: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm0 lis=
20:57:36.501120 IP 192.168.100.22.63145 > 10.212.0.26.http: Flags [S], seq 725762412, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
20:57:36.501158 IP 10.212.0.26.http > 192.168.100.22.63145: Flags [R.], seq 0, ack 1, win 0, length 0 out slot1/tmm1 lis=

#!

Client tries to connect to port 443 when the VS is set to port 443 but with no SSL profile - this produces a conversation with minimal traffic  - See below  -  Followed by an ssldump of the same connection showing the client hello followed by nothing as the VS has no client ssl profile.

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_443_without_Client-ssl_2018-02-28_21\:55\:15.bin
reading from file /var/tmp/external_443_without_Client-ssl_2018-02-28_21:55:15.bin, link-type EN10MB (Ethernet)
21:55:15.487030 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 251:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3531 202d 7676 7620 2d6e 6e6e 202d 7330  51.-vvv.-nnn.-s0
        0x0030:  202d 7020 2d77 202f 7661 722f 746d 702f  .-p.-w./var/tmp/
        0x0040:  6578 7465 726e 616c 5f34 3433 5f77 6974  external_443_wit
        0x0050:  686f 7574 5f43 6c69 656e 742d 7373 6c5f  hout_Client-ssl_
        0x0060:  3230 3138 2d30 322d 3238 5f32 313a 3535  2018-02-28_21:55
        0x0070:  3a31 352e 6269 6e20 686f 7374 2031 3932  :15.bin.host.192
        0x0080:  2e31 3638 2e31 3130 2e31 3200 5645 523a  .168.110.12.VER:
        0x0090:  2031 322e 312e 332e 3120 302e 302e 3900  .12.1.3.1.0.0.9.
        0x00a0:  484f 5354 3a20 6c74 6d2d 7431 2d31 2d64  HOST:.ltm-t1-1-d
        0x00b0:  6332 2e6d 676d 742e 6675 6c6c 7072 6f78  c2.mgmt.fullprox
        0x00c0:  792d 6c61 6273 2e63 6f2e 756b 0050 4c41  y-labs.co.uk.PLA
        0x00d0:  543a 205a 3130 3000 5052 4f44 3a20 4249  T:.Z100.PROD:.BI
        0x00e0:  472d 4950 0053 4553 533a 2030 00         G-IP.SESS:.0.
21:55:19.586307 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [S], seq 526468216, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
21:55:19.586345 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [S.], seq 4095559000, ack 526468217, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:19.627656 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:19.627815 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags P.], seq 1:169, ack 1, win 64240, length 168 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:19.627826 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:29.669054 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:29.669066 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:39.711098 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:39.711110 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:49.751761 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], seq 168:169, ack 1, win 64240, length 1 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:49.751773 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 169, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:58.585769 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [F.], seq 169, ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:58.585786 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [.], ack 170, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:58.585790 IP 10.212.0.26.https > 192.168.110.12.55465: Flags [F.], seq 1, ack 170, win 4218, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
21:55:58.627333 IP 192.168.110.12.55465 > 10.212.0.26.https: Flags [.], ack 2, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector

SSLDUMP
[donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.110.12

New TCP connection #1: 192.168.110.12(55555) <-> 10.212.0.26(443)
1 1  1519855921.8432 (0.0427)  C>SV3.1(163)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          06 e1 0c c9 16 05 3a a2 43 ac c0 4a c0 65 4b 82
          d4 45 06 df 52 da 8d 3f 90 6f 91 44 bf 46 9d 72
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL

Client tries to connect to port 443 again once the SSL profile has been applied - this produces a conversation with a lot more data as the webpage is now being served and recieved  - See below  -  Followed by an ssldump of the same connection showing a full ssl handshake followed by encrypted application data.

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_443_SSLprofile_applied_2018-03-01_11\:43\:51.bin
reading from file /var/tmp/external_443_SSLprofile_applied_2018-03-01_11:43:51.bin, link-type EN10MB (Ethernet)
11:43:51.978072 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 234:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3531 202d 7720 2f76 6172 2f74 6d70 2f65  51.-w./var/tmp/e
        0x0030:  7874 6572 6e61 6c5f 3434 335f 5353 4c70  xternal_443_SSLp
        0x0040:  726f 6669 6c65 5f61 7070 6c69 6564 5f32  rofile_applied_2
        0x0050:  3031 382d 3033 2d30 315f 3131 3a34 333a  018-03-01_11:43:
        0x0060:  3531 2e62 696e 2068 6f73 7420 3139 322e  51.bin.host.192.
        0x0070:  3136 382e 3130 302e 3232 0056 4552 3a20  168.100.22.VER:.
        0x0080:  3132 2e31 2e33 2e31 2030 2e30 2e39 0048  12.1.3.1.0.0.9.H
        0x0090:  4f53 543a 206c 746d 2d74 312d 312d 6463  OST:.ltm-t1-1-dc
        0x00a0:  322e 6d67 6d74 2e66 756c 6c70 726f 7879  2.mgmt.fullproxy
        0x00b0:  2d6c 6162 732e 636f 2e75 6b00 504c 4154  -labs.co.uk.PLAT
        0x00c0:  3a20 5a31 3030 0050 524f 443a 2042 4947  :.Z100.PROD:.BIG
        0x00d0:  2d49 5000 5345 5353 3a20 3000            -IP.SESS:.0.
11:44:18.659827 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [S], seq 2173373102, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
11:44:18.659866 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [S.], seq 1052002990, ack 2173373103, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.700507 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.701331 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [P.], seq 1:180, ack 1, win 64240, length 179 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.704968 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1:1057, ack 180, win 4050, length 1056 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.750412 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [P.], seq 180:498, ack 1057, win 64800, length 318 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.750433 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [.], ack 498, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.753297 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1057:1063, ack 498, win 4547, length 6 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.753304 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [P.], seq 1063:1108, ack 498, win 4547, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.794241 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.796563 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [F.], seq 498, ack 1108, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.796576 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [.], ack 499, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.796578 IP 10.212.0.26.https > 192.168.100.22.50795: Flags [F.], seq 1108, ack 499, win 4547, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:18.838623 IP 192.168.100.22.50795 > 10.212.0.26.https: Flags [.], ack 1109, win 64749, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.625407 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [S], seq 2665896139, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
11:44:21.625507 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [S.], seq 1649784331, ack 2665896140, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.666772 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.667215 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 1:180, ack 1, win 64240, length 179 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.669904 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1:1057, ack 180, win 4050, length 1056 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.715332 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 180:498, ack 1057, win 64800, length 318 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.715369 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 498, win 4547, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.718202 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1057:1063, ack 498, win 4547, length 6 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.718209 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1063:1108, ack 498, win 4547, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.759350 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.760603 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [P.], seq 498:949, ack 1108, win 64749, length 451 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.760610 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 949, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.765205 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [P.], seq 1108:1755, ack 949, win 4998, length 647 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.765210 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [F.], seq 1755, ack 949, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.806707 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1108, win 64749, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.807603 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [.], ack 1756, win 64102, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.814426 IP 192.168.100.22.50796 > 10.212.0.26.https: Flags [F.], seq 949, ack 1756, win 64102, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.814437 IP 10.212.0.26.https > 192.168.100.22.50796: Flags [.], ack 950, win 4998, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.844007 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [S], seq 3461653776, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
11:44:21.844032 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [S.], seq 3059995708, ack 3461653777, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.885414 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.885817 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.885839 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 212, win 4261, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.886898 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.887926 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.928420 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.928594 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.928600 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.928629 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.928643 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.929673 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.929683 IP 10.212.0.26.https > 192.168.100.22.50797: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.930966 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [S], seq 4069631451, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
11:44:21.931010 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [S.], seq 2885903674, ack 4069631452, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.970058 IP 192.168.100.22.50797 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:21.972058 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.972521 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.972565 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:21.973588 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.014671 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.014850 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.014858 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.014981 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.014994 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [P.], seq 263:656, ack 138, win 64103, length 393 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.015004 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 656, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.020772 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 138:1708, ack 656, win 4705, length 1570 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.022851 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 1708:3087, ack 656, win 4705, length 1379 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.026020 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 3087:4466, ack 656, win 4705, length 1379 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.028085 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4466:4479, ack 656, win 4705, length 13 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.029229 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4479:4656, ack 656, win 4705, length 177 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.064502 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 1708, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.067665 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 3087, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.073240 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 4656, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.073256 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 4656:7237, ack 656, win 4705, length 2581 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.073259 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 7237:9995, ack 656, win 4705, length 2758 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.073262 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 9995:12753, ack 656, win 4705, length 2758 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.120668 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 7237, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.120674 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 12753:18240, ack 656, win 4705, length 5487 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.124323 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 9995, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.124328 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 18240:22348, ack 656, win 4705, length 4108 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.128117 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 11345, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.128122 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 22348:25077, ack 656, win 4705, length 2729 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.130173 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 12753, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.130178 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 25077:29800, ack 656, win 4705, length 4723 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.167549 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 15453, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.167555 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [P.], seq 29800:33710, ack 656, win 4705, length 3910 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.167563 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [F.], seq 33710, ack 656, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.172328 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 18240, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.175747 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 19590, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.181214 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 22348, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.182522 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 23698, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.185282 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 25077, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.191449 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 27777, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.194209 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 29800, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.215154 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 32500, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.215974 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 32500, win 64800, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.217459 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [.], ack 33711, win 63590, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.218504 IP 192.168.100.22.50798 > 10.212.0.26.https: Flags [F.], seq 656, ack 33711, win 63590, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.218512 IP 10.212.0.26.https > 192.168.100.22.50798: Flags [.], ack 657, win 4705, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.302217 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [S], seq 1239287547, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
11:44:22.302246 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [S.], seq 624260181, ack 1239287548, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.342595 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.343697 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.343716 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 212, win 4261, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.344784 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.345826 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.386048 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.386661 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.386669 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.386874 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.386886 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.387919 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.387931 IP 10.212.0.26.https > 192.168.100.22.50801: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.390118 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [S], seq 527761147, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
11:44:22.390166 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [S.], seq 1145275000, ack 527761148, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.428843 IP 192.168.100.22.50801 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
11:44:22.431307 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.431742 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.431783 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.432806 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.477357 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.477413 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.477423 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.478476 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.478581 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [P.], seq 263:654, ack 138, win 64103, length 391 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.478588 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 654, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.484275 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [P.], seq 138:398, ack 654, win 4703, length 260 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.484278 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [F.], seq 398, ack 654, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.525381 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [.], ack 399, win 63843, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.528754 IP 192.168.100.22.50802 > 10.212.0.26.https: Flags [F.], seq 654, ack 399, win 63843, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
11:44:22.528763 IP 10.212.0.26.https > 192.168.100.22.50802: Flags [.], ack 655, win 4703, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector

SSLDUMP
[donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.100.22
New TCP connection #1: 192.168.100.22(50813) <-> 10.212.0.26(443)
1 1  1519904858.3651 (0.0413)  C>SV3.1(174)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          6e 8b bd 2d 09 25 17 1e d5 6f 50 b0 76 dc de e4
          44 30 52 6c 22 b0 ff 20 b6 bc da 97 69 54 41 40
        cipher suites
        Unknown value 0x6a6a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
1 2  1519904858.3652 (0.0000)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          ce 56 7a 24 dc 45 63 0d 3a 66 33 24 57 ac c4 c0
          ec 33 43 4b 0a c4 08 9b 74 76 a5 65 2a 16 3d d8
        session_id[32]=
          20 ff 53 89 55 a3 a6 cc c9 86 3b 51 7c ab 0e 15
          4e 5e e1 3d 98 e2 b5 79 72 61 9d bb cc bb de a5
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
1 3  1519904858.3652 (0.0000)  S>CV3.3(956)  Handshake
      Certificate
1 4  1519904858.3652 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
1 5  1519904858.4139 (0.0487)  C>SV3.3(262)  Handshake
      ClientKeyExchange
1 6  1519904858.4139 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
1 7  1519904858.4139 (0.0000)  C>SV3.3(40)  Handshake
1 8  1519904858.4163 (0.0023)  S>CV3.3(1)  ChangeCipherSpec
1 9  1519904858.4163 (0.0000)  S>CV3.3(40)  Handshake
1    1519904858.4577 (0.0413)  C>S  TCP FIN
1    1519904858.4577 (0.0000)  S>C  TCP FIN
New TCP connection #2: 192.168.100.22(50814) <-> 10.212.0.26(443)
2 1  1519904858.5034 (0.0422)  C>SV3.1(174)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          6f 4f ed 9e 9d 0a db dc 2d 62 e2 fd 8b 71 ea 3d
          d7 43 0c 13 b2 ee 14 0c 25 b1 13 5e fb 6b 01 fb
        cipher suites
        Unknown value 0x6a6a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
2 2  1519904858.5034 (0.0000)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          27 ae 3c 36 29 18 9c 06 c4 4e 34 8f 54 55 5d 98
          99 20 38 e0 a8 d6 48 3b 47 70 40 31 b1 0c 24 3e
        session_id[32]=
          5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d
          ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
2 3  1519904858.5034 (0.0000)  S>CV3.3(956)  Handshake
      Certificate
2 4  1519904858.5034 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
2 5  1519904858.5484 (0.0449)  C>SV3.3(262)  Handshake
      ClientKeyExchange
2 6  1519904858.5484 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
2 7  1519904858.5484 (0.0000)  C>SV3.3(40)  Handshake
2 8  1519904858.5508 (0.0023)  S>CV3.3(1)  ChangeCipherSpec
2 9  1519904858.5508 (0.0000)  S>CV3.3(40)  Handshake
2 10 1519904858.5928 (0.0420)  C>SV3.3(420)  application_data
2 11 1519904858.5986 (0.0057)  S>CV3.3(642)  application_data
2    1519904858.5986 (0.0000)  S>C  TCP FIN
2    1519904858.6425 (0.0439)  C>S  TCP FIN
New TCP connection #3: 192.168.100.22(50815) <-> 10.212.0.26(443)
3 1  1519904858.7176 (0.0504)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          91 ea 5e 27 33 22 81 db 8a c1 44 ba b1 35 5d 46
          e3 2c 9c 45 13 f7 7c 17 e8 70 d4 72 fa f1 a8 ab
        resume [32]=
          5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d
          ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c
        cipher suites
        Unknown value 0x9a9a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
3 2  1519904858.7187 (0.0010)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          a3 7f 41 59 73 24 83 2e 60 38 a7 ad b1 ff 73 d7
          dd 8f 06 a3 60 6a a0 3e 63 6d d2 26 13 34 d2 21
        session_id[32]=
          5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d
          ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
3 3  1519904858.7187 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
3 4  1519904858.7198 (0.0010)  S>CV3.3(40)  Handshake
3 5  1519904858.7635 (0.0437)  C>SV3.3(1)  ChangeCipherSpec
3 6  1519904858.7635 (0.0000)  C>SV3.3(40)  Handshake
3    1519904858.7637 (0.0001)  C>S  TCP FIN
3    1519904858.7647 (0.0010)  S>C  TCP FIN
New TCP connection #4: 192.168.100.22(50816) <-> 10.212.0.26(443)
4 1  1519904858.8094 (0.0433)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          e1 a2 46 14 ee 43 4e 01 ab d0 7c c3 ca c0 77 e5
          72 09 8a 29 51 85 c1 4a 96 79 70 c9 7b be 62 c0
        resume [32]=
          5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d
          ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c
        cipher suites
        Unknown value 0xeaea
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
4 2  1519904858.8094 (0.0000)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          a5 72 d9 3c 15 d4 f0 66 5b 33 6c 7b 69 e0 45 3a
          78 2c a7 3d 7c 78 7d 42 0e ed 7f ad b7 03 2d d0
        session_id[32]=
          5b fe 44 e0 be 12 48 15 63 67 8c 88 47 fa 11 3d
          ea ad 91 d9 b0 81 9d 8d 19 c0 8a 82 57 ca a1 8c
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
4 3  1519904858.8094 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
4 4  1519904858.8104 (0.0010)  S>CV3.3(40)  Handshake
4 5  1519904858.8515 (0.0410)  C>SV3.3(1)  ChangeCipherSpec
4 6  1519904858.8515 (0.0000)  C>SV3.3(40)  Handshake
4 7  1519904858.8525 (0.0010)  C>SV3.3(388)  application_data
4 8  1519904858.8589 (0.0064)  S>CV3.3(1565)  application_data
4 9  1519904858.8610 (0.0020)  S>CV3.3(1374)  application_data
4 10 1519904858.8642 (0.0031)  S>CV3.3(1374)  application_data
4 11 1519904858.8662 (0.0020)  S>CV3.3(1374)  application_data
4 12 1519904858.8684 (0.0021)  S>CV3.3(1374)  application_data
4 13 1519904858.8705 (0.0020)  S>CV3.3(1374)  application_data
4 14 1519904858.8727 (0.0021)  S>CV3.3(1374)  application_data
4 15 1519904858.8747 (0.0020)  S>CV3.3(1374)  application_data
4 16 1519904858.8779 (0.0031)  S>CV3.3(1374)  application_data
4 17 1519904858.8800 (0.0021)  S>CV3.3(1374)  application_data
4 18 1519904858.8842 (0.0041)  S>CV3.3(2724)  application_data
4 19 1519904858.8863 (0.0021)  S>CV3.3(1374)  application_data
4 20 1519904858.9103 (0.0240)  S>CV3.3(2724)  application_data
4 21 1519904858.9103 (0.0000)  S>CV3.3(1374)  application_data
4 22 1519904858.9114 (0.0010)  S>CV3.3(2724)  application_data
4 23 1519904858.9114 (0.0000)  S>CV3.3(2724)  application_data
4 24 1519904858.9126 (0.0011)  S>CV3.3(2724)  application_data
4 25 1519904858.9157 (0.0031)  S>CV3.3(2724)  application_data
4 26 1519904858.9206 (0.0049)  S>CV3.3(454)  application_data
4    1519904858.9207 (0.0000)  S>C  TCP FIN
4    1519904858.9805 (0.0598)  C>S  TCP FIN

Client tries to connect to port 443 again once the SSL profile has been applied to both client and server side (web server still running on port 80).  this produces a conversation with little data being send  - See below  -  Followed by an ssldump of the same connection showing a full ssl handshake followed by a reset as no data has been sent.  - next the lets check the internal side

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/external_12018-03-01_12\:35\:15.bin
reading from file /var/tmp/external_12018-03-01_12:35:15.bin, link-type EN10MB (Ethernet)
12:35:15.833031 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 242:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3531 202d 6e6e 6e20 2d73 3020 2d76 7676  51.-nnn.-s0.-vvv
        0x0030:  202d 7720 2f76 6172 2f74 6d70 2f65 7874  .-w./var/tmp/ext
        0x0040:  6572 6e61 6c5f 3132 3031 382d 3033 2d30  ernal_12018-03-0
        0x0050:  315f 3132 3a33 353a 3135 2e62 696e 2068  1_12:35:15.bin.h
        0x0060:  6f73 7420 3139 322e 3136 382e 3130 302e  ost.192.168.100.
        0x0070:  3232 2061 6e64 2031 302e 3231 322e 302e  22.and.10.212.0.
        0x0080:  3236 0056 4552 3a20 3132 2e31 2e33 2e31  26.VER:.12.1.3.1
        0x0090:  2030 2e30 2e39 0048 4f53 543a 206c 746d  .0.0.9.HOST:.ltm
        0x00a0:  2d74 312d 312d 6463 322e 6d67 6d74 2e66  -t1-1-dc2.mgmt.f
        0x00b0:  756c 6c70 726f 7879 2d6c 6162 732e 636f  ullproxy-labs.co
        0x00c0:  2e75 6b00 504c 4154 3a20 5a31 3030 0050  .uk.PLAT:.Z100.P
        0x00d0:  524f 443a 2042 4947 2d49 5000 5345 5353  ROD:.BIG-IP.SESS
        0x00e0:  3a20 3000                                :.0.
12:35:18.384754 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [S], seq 2907513654, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
12:35:18.384819 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [S.], seq 269310390, ack 2907513655, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.426137 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.427212 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.427322 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.428369 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.469259 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.469705 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.469713 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.469741 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.469755 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.470794 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.470807 IP 10.212.0.26.https > 192.168.100.22.51091: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.471570 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [S], seq 1493786258, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
12:35:18.471598 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [S.], seq 3274282386, ack 1493786259, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.512306 IP 192.168.100.22.51091 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.513446 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.513909 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.513925 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 212, win 4261, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.514997 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.516033 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.556428 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.556896 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.556904 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.557726 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.557745 IP 192.168.100.22.51092 > 10.212.0.26.https: Flags [P.], seq 263:688, ack 138, win 64103, length 425 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.557763 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [.], ack 688, win 4737, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.560413 IP 10.212.0.26.https > 192.168.100.22.51092: Flags [R.], seq 138, ack 688, win 0, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.711438 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [S], seq 564701516, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
12:35:18.711487 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [S.], seq 3707234989, ack 564701517, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.752134 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.752806 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.752856 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [P.], seq 1:93, ack 212, win 4050, length 92 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.753887 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.795159 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.795335 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.795343 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 263, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.795377 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [F.], seq 263, ack 138, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.795393 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.796426 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [.], ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.796438 IP 10.212.0.26.https > 192.168.100.22.51093: Flags [F.], seq 138, ack 264, win 4312, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.797681 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [S], seq 2722333784, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
12:35:18.797707 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [S.], seq 1276667065, ack 2722333785, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.837247 IP 192.168.100.22.51093 > 10.212.0.26.https: Flags [.], ack 139, win 64103, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:35:18.839021 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.839454 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 1:212, ack 1, win 64240, length 211 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.839471 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 212, win 4261, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.840528 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [P.], seq 1:93, ack 212, win 4261, length 92 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.841567 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [P.], seq 93:138, ack 212, win 4261, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.882063 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [.], ack 138, win 64103, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.882513 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 212:263, ack 138, win 64103, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.882519 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.883341 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 263, win 4312, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.883357 IP 192.168.100.22.51094 > 10.212.0.26.https: Flags [P.], seq 263:714, ack 138, win 64103, length 451 in slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.883373 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [.], ack 714, win 4763, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
12:35:18.885895 IP 10.212.0.26.https > 192.168.100.22.51094: Flags [R.], seq 138, ack 714, win 0, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector


[donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl51 host 192.168.100.22
New TCP connection #1: 192.168.100.22(51070) <-> 10.212.0.26(443)
1 1  1519907670.1946 (0.0415)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          03 62 de 12 86 d3 db aa 54 40 61 d5 03 4d 83 a5
          07 8c a8 ce 5b 9f 5f d0 11 69 f4 5e b3 a9 44 3f
        resume [32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipher suites
        Unknown value 0xa0a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
1 2  1519907670.1957 (0.0011)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          3a c3 8b ba 3e 00 7a 72 ee 5c c2 5b 22 da 42 1f
          02 9d 26 26 c4 99 b2 5d 04 05 cf 94 cb b3 c2 54
        session_id[32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
1 3  1519907670.1957 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
1 4  1519907670.1967 (0.0010)  S>CV3.3(40)  Handshake
1 5  1519907670.2402 (0.0435)  C>SV3.3(1)  ChangeCipherSpec
1 6  1519907670.2402 (0.0000)  C>SV3.3(40)  Handshake
1    1519907670.2406 (0.0003)  C>S  TCP FIN
1    1519907670.2406 (0.0000)  S>C  TCP FIN
New TCP connection #2: 192.168.100.22(51071) <-> 10.212.0.26(443)
2 1  1519907670.2835 (0.0418)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          94 52 95 2a c2 b8 4c d7 c5 e5 2c 5c b2 0a 91 38
          2b cb 47 ef 1f e3 f9 25 c4 ba 11 3a 3b 2d 4c 8b
        resume [32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipher suites
        Unknown value 0x9a9a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
2 2  1519907670.2836 (0.0000)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          b4 07 84 6a 48 40 3e 56 8c 2e 71 0f a5 46 17 d1
          fd 2f fe 03 9e ce 11 a5 74 b9 36 e1 11 02 5c cf
        session_id[32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
2 3  1519907670.2836 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
2 4  1519907670.2842 (0.0005)  S>CV3.3(40)  Handshake
2 5  1519907670.3254 (0.0412)  C>SV3.3(1)  ChangeCipherSpec
2 6  1519907670.3254 (0.0000)  C>SV3.3(40)  Handshake
2 7  1519907670.3260 (0.0006)  C>SV3.3(420)  application_data
2    1519907670.3287 (0.0026)  S>C  TCP RST
New TCP connection #3: 192.168.100.22(51072) <-> 10.212.0.26(443)
3 1  1519907670.5215 (0.0415)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          4f 8e cd 0a aa 7a 92 24 47 0b 5b 06 53 60 0c 32
          9f 2c 1f a6 e1 30 7e c1 97 27 86 3b 77 f9 93 69
        resume [32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipher suites
        Unknown value 0x4a4a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
3 2  1519907670.5226 (0.0010)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          a3 0e 13 4a cf 5d 9e 80 5e 3b 22 32 2a 45 8c 08
          d3 2e 67 51 ea 9b 1d 74 65 5f 6b b0 a4 3b 0e 05
        session_id[32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
3 3  1519907670.5226 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
3 4  1519907670.5237 (0.0010)  S>CV3.3(40)  Handshake
3 5  1519907670.5672 (0.0435)  C>SV3.3(1)  ChangeCipherSpec
3 6  1519907670.5672 (0.0000)  C>SV3.3(40)  Handshake
3    1519907670.5677 (0.0004)  C>S  TCP FIN
3    1519907670.5688 (0.0010)  S>C  TCP FIN
New TCP connection #4: 192.168.100.22(51073) <-> 10.212.0.26(443)
4 1  1519907670.6111 (0.0423)  C>SV3.1(206)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          7a ca 0d 48 0e 24 10 df 73 38 b9 89 e6 dd 10 fc
          1c 4e f3 1a 68 b2 97 16 17 f3 6c ce d4 82 ea b7
        resume [32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipher suites
        Unknown value 0x7a7a
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        Unknown value 0xcca9
        Unknown value 0xcca8
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
4 2  1519907670.6111 (0.0000)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          5e 09 e8 b7 09 dd 55 0e 63 3f 76 74 ae b0 1d 0d
          64 00 29 a3 25 71 99 2e 1b 3b 33 cf 63 c5 b3 0f
        session_id[32]=
          04 93 d6 3c 78 76 6a c1 2c 9b 3c 85 20 ff 52 89
          15 f2 65 e9 f7 d6 f9 75 36 54 99 4f 70 0f 22 19
        cipherSuite         TLS_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
4 3  1519907670.6111 (0.0000)  S>CV3.3(1)  ChangeCipherSpec
4 4  1519907670.6122 (0.0010)  S>CV3.3(40)  Handshake
4 5  1519907670.6531 (0.0409)  C>SV3.3(1)  ChangeCipherSpec
4 6  1519907670.6531 (0.0000)  C>SV3.3(40)  Handshake
4 7  1519907670.6540 (0.0009)  C>SV3.3(446)  application_data
4    1519907670.6570 (0.0030)  S>C  TCP RST

Client tries to connect to port 443 again once the SSL profile has been applied to both client and server side (web server still running on port 80).  this produces a short conversation ending with a reset, signaling an error - See below  -  Followed by an ssldump of the same connection showing failure as the client (the F5) is trying to start and ssl handshake with a server on port 80 (unencrypted)

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/internal_12018-03-01_12\:48\:57.bin
reading from file /var/tmp/internal_12018-03-01_12:48:57.bin, link-type EN10MB (Ethernet)
12:48:57.173959 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 241:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3231 3032 202d 6e6e 6e20 2d73 3020 2d76  2102.-nnn.-s0.-v
        0x0030:  7676 202d 7720 2f76 6172 2f74 6d70 2f69  vv.-w./var/tmp/i
        0x0040:  6e74 6572 6e61 6c5f 3132 3031 382d 3033  nternal_12018-03
        0x0050:  2d30 315f 3132 3a34 383a 3537 2e62 696e  -01_12:48:57.bin
        0x0060:  2068 6f73 7420 3130 2e31 3032 2e30 2e31  .host.10.102.0.1
        0x0070:  3020 616e 6420 3130 2e31 3032 2e30 2e32  0.and.10.102.0.2
        0x0080:  3600 5645 523a 2031 322e 312e 332e 3120  6.VER:.12.1.3.1.
        0x0090:  302e 302e 3900 484f 5354 3a20 6c74 6d2d  0.0.9.HOST:.ltm-
        0x00a0:  7431 2d31 2d64 6332 2e6d 676d 742e 6675  t1-1-dc2.mgmt.fu
        0x00b0:  6c6c 7072 6f78 792d 6c61 6273 2e63 6f2e  llproxy-labs.co.
        0x00c0:  756b 0050 4c41 543a 205a 3130 3000 5052  uk.PLAT:.Z100.PR
        0x00d0:  4f44 3a20 4249 472d 4950 0053 4553 533a  OD:.BIG-IP.SESS:
        0x00e0:  2030 00                                  .0.
12:49:35.271751 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [S], seq 484841221, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.271904 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [S.], seq 1085124411, ack 484841222, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.271910 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [.], ack 1, win 4050, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.271919 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [P.], seq 1:143, ack 1, win 4050, length 142: HTTP out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.273104 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [.], ack 143, win 5360, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.273266 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [P.], seq 1:225, ack 143, win 5360, length 224: HTTP: HTTP/1.0 400 Bad Request in slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.273299 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [P.], seq 143:150, ack 225, win 4050, length 7: HTTP out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.273319 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [R.], seq 150, ack 225, win 0, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
12:49:35.274348 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [F.], seq 225, ack 143, win 5360, length 0 in slot1/tmm0 lis=
12:49:35.274389 IP 10.102.0.10.28162 > 10.102.0.26.http: Flags [R.], seq 143, ack 226, win 0, length 0 out slot1/tmm0 lis=
12:49:35.274510 IP 10.102.0.26.http > 10.102.0.10.28162: Flags [R], seq 1085124636, win 0, length 0 in slot1/tmm0 lis=

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -AedH -i vl2102 host 10.102.0.10
New TCP connection #1: 10.102.0.10(42606) <-> 10.102.0.26(80)
1 1  1519908883.3629 (0.0001)  C>SV3.1(137)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          55 01 96 b5 03 b1 3c a6 a3 32 0f a2 a8 b6 29 7a
          90 65 3c b5 d9 29 da 54 54 cf f5 76 ed 6d 77 35
        cipher suites
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
Unknown SSL content type 72
1 2  1519908883.3643 (0.0013)  S>CShort record
1    1519908883.3643 (0.0000)  S>C  TCP FIN
1 3  1519908883.3643 (0.0000)  C>SV3.1(2)  Alert
    level           fatal
    value           handshake_failure
1    1519908883.3643 (0.0000)  C>S  TCP RST

Client tries to connect to port 443 again, the web server is now running on port 443.  This produces a normal conversation - See below  -  Followed by an ssldump of the same connection showing the client (the F5) establishing a successful ssl handshake with a server on port 443

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -r /var/tmp/internal_42018-03-01_16\:13\:10.bin
reading from file /var/tmp/internal_42018-03-01_16:13:10.bin, link-type EN10MB (Ethernet)
16:13:11.003644 00:00:00:00:00:00 (oui Ethernet) > 00:00:00:00:00:00 (oui Ethernet), ethertype Unknown (0x05ff), length 262:
        0x0000:  4635 2d50 7365 7564 6f2d 706b 7400 434d  F5-Pseudo-pkt.CM
        0x0010:  443a 2074 6370 6475 6d70 202d 6920 766c  D:.tcpdump.-i.vl
        0x0020:  3231 3032 202d 6e6e 6e20 2d73 3020 2d76  2102.-nnn.-s0.-v
        0x0030:  7676 202d 7720 2f76 6172 2f74 6d70 2f69  vv.-w./var/tmp/i
        0x0040:  6e74 6572 6e61 6c5f 3432 3031 382d 3033  nternal_42018-03
        0x0050:  2d30 315f 3136 3a31 333a 3130 2e62 696e  -01_16:13:10.bin
        0x0060:  206e 6574 2031 302e 3130 322e 302e 302f  .net.10.102.0.0/
        0x0070:  3234 2061 6e64 206e 6f74 2068 6f73 7420  24.and.not.host.
        0x0080:  3130 2e31 3032 2e30 2e31 2061 6e64 206e  10.102.0.1.and.n
        0x0090:  6f74 2061 7270 0056 4552 3a20 3132 2e31  ot.arp.VER:.12.1
        0x00a0:  2e33 2e31 2030 2e30 2e39 0048 4f53 543a  .3.1.0.0.9.HOST:
        0x00b0:  206c 746d 2d74 312d 312d 6463 322e 6d67  .ltm-t1-1-dc2.mg
        0x00c0:  6d74 2e66 756c 6c70 726f 7879 2d6c 6162  mt.fullproxy-lab
        0x00d0:  732e 636f 2e75 6b00 504c 4154 3a20 5a31  s.co.uk.PLAT:.Z1
        0x00e0:  3030 0050 524f 443a 2042 4947 2d49 5000  00.PROD:.BIG-IP.
        0x00f0:  5345 5353 3a20 3000                      SESS:.0.
16:13:21.166355 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [S], seq 465669175, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.166475 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [S.], seq 256616424, ack 465669176, win 29200, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.166482 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.166499 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 1:143, ack 1, win 4050, length 142 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.167582 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 143, win 30016, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.171861 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], seq 1:1351, ack 143, win 30016, length 1350 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.171865 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1351:1599, ack 143, win 30016, length 248 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.172963 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1599, win 5648, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.182784 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 143:416, ack 1599, win 5648, length 273 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.182822 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 416:461, ack 1599, win 5648, length 45 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.186188 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 461, win 31088, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.186191 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1599:1650, ack 461, win 31088, length 51 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.186197 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1650, win 5699, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.186476 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 1650, win 5699, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.186505 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [P.], seq 461:886, ack 1650, win 5699, length 425 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.187052 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 1650:2308, ack 886, win 32160, length 658 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:21.187061 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2308, win 6357, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.129438 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [P.], seq 2308:2339, ack 886, win 32160, length 31 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.129445 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [F.], seq 2339, ack 886, win 32160, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.129462 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2339, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.129467 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [F.], seq 886, ack 2339, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.129474 IP 10.102.0.20.53516 > 10.102.0.34.https: Flags [.], ack 2340, win 6388, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
16:13:26.130570 IP 10.102.0.34.https > 10.102.0.20.53516: Flags [.], ack 887, win 32160, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector

SSLdump
donald@ltm-t1-1-dc2:Active:Standalone] ~ # ssldump -Aed -i vl2102 net 10.102.0.0/24
New TCP connection #1: 10.102.0.14(53666) <-> 10.102.0.34(443)
1 1  1519921352.3464 (0.0002)  C>SV3.1(137)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          38 d5 85 07 22 41 3f 64 3f ce 23 62 fd 24 10 c7
          84 0d 74 a5 f6 3e bf 59 c1 92 7e 09 82 74 55 29
        cipher suites
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
1 2  1519921352.3554 (0.0090)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          9e f3 c6 fd 39 5c 53 50 6c 18 92 d9 cb 8f 28 98
          00 e0 c5 9a 19 33 ce f8 30 99 97 3e 9d 4a 34 03
        session_id[32]=
          d9 2a 52 bf 6b 77 0d 50 d0 9b c5 30 d1 82 4f 0d
          74 92 a6 90 c4 c7 95 4b b1 9a 12 33 ce ae 42 bf
        cipherSuite         TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        compressionMethod                   NULL
1 3  1519921352.3554 (0.0000)  S>CV3.3(710)  Handshake
      Certificate
1 4  1519921352.3564 (0.0010)  S>CV3.3(783)  Handshake
      ServerKeyExchange
1 5  1519921352.3564 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
1 6  1519921352.3663 (0.0098)  C>SV3.3(262)  Handshake
      ClientKeyExchange
1 7  1519921352.3663 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
1 8  1519921352.3663 (0.0000)  C>SV3.3(40)  Handshake
1 9  1519921352.3735 (0.0071)  S>CV3.3(1)  ChangeCipherSpec
1 10 1519921352.3735 (0.0000)  S>CV3.3(40)  Handshake
1 11 1519921352.3745 (0.0010)  C>SV3.3(446)  application_data
1 12 1519921352.3752 (0.0006)  S>CV3.3(361)  application_data
1 13 1519921352.3752 (0.0000)  S>CV3.3(250)  application_data
1 14 1519921352.3752 (0.0000)  S>CV3.3(32)  application_data
New TCP connection #2: 10.102.0.1(52179) <-> 10.102.0.34(443)

Back to an unencrypted connection external and internal conversation between the PC<-80->F5(snat REMOVED)<-80->WebServer
This show the client 192.168.100.22 talking to the F5 10.212.0.26 then the webserver responding directly back through the F5, as the webserver has a default gateway of the F5 selfIP

[donald@ltm-t1-1-dc2:Active:Standalone] ~ # tcpdump -i 0.0 host 192.168.100.22 -nnn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:57:25.690711 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [S], seq 1689317203, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm1 lis=
19:57:25.690809 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [S.], seq 4240572499, ack 1689317204, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.731359 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.731911 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [P.], seq 1:469, ack 1, win 64240, length 468: HTTP: GET / HTTP/1.1 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.731940 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [S], seq 3095608729, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.731943 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [.], ack 469, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.732486 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [S.], seq 4180300829, ack 3095608730, win 4380, options [mss 1460,nop,nop,sackOK], length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.732492 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 1, win 4050, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.732499 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [P.], seq 1:469, ack 1, win 4050, length 468: HTTP: GET / HTTP/1.1 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733029 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [.], ack 469, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733299 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [P.], seq 1:190, ack 469, win 5360, length 189: HTTP: HTTP/1.0 200 OK in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733301 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [FP.], seq 190:619, ack 469, win 5360, length 429: HTTP in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733310 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 190, win 4239, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733313 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [P.], seq 1:619, ack 469, win 4518, length 618: HTTP: HTTP/1.0 200 OK out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733317 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [.], ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.733320 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [F.], seq 619, ack 469, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.778748 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.779529 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [.], ack 620, win 63622, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.780833 IP 192.168.100.22.56099 > 10.212.0.26.80: Flags [F.], seq 469, ack 620, win 63622, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.780839 IP 10.212.0.26.80 > 192.168.100.22.56099: Flags [.], ack 470, win 4518, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.780842 IP 192.168.100.22.56099 > 10.102.0.26.80: Flags [F.], seq 469, ack 620, win 4668, length 0 out slot1/tmm1 lis=/Common/Slitaz-Redirector
19:57:25.781375 IP 10.102.0.26.80 > 192.168.100.22.56099: Flags [.], ack 470, win 5360, length 0 in slot1/tmm1 lis=/Common/Slitaz-Redirector

Same conversation as above between the PC<-80->F5(snat REMOVED)<-80->WebServer, although this time the server doesn't have a gateway of the F5.
Notice the 3 syn packets coming from the PC, this is the packet from the internal side of the F5 sending a packet to the webserver although it doesn't see the reply as there is no NAT and the webserver doesn't have a default gateway of the F5 

[donald@ltm-t1-1-dc2:Active:Standalone] ~ #  tcpdump -i 0.0 host 192.168.100.22 -nnn
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 65535 bytes
20:15:30.912523 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [S], seq 4159471861, win 64240, options [mss 1350,nop,wscale 8,nop,nop,sackOK], length 0 in slot1/tmm0 lis=
20:15:30.912585 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [S.], seq 4181511221, ack 4159471862, win 4050, options [mss 1460,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:30.955758 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [.], ack 1, win 64240, length 0 in slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:30.956317 IP 192.168.100.22.56358 > 10.212.0.26.80: Flags [P.], seq 1:469, ack 1, win 64240, length 468: HTTP: GET / HTTP/1.1 in slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:30.956417 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:30.956427 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [.], ack 469, win 4518, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:33.956597 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:36.956848 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:39.956761 IP 192.168.100.22.56358 > 10.102.0.26.80: Flags [S], seq 748625133, win 4050, options [mss 1350,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector
20:15:42.956867 IP 10.212.0.26.80 > 192.168.100.22.56358: Flags [R.], seq 1, ack 469, win 0, length 0 out slot1/tmm0 lis=/Common/Slitaz-Redirector


F5 cli upgrade

posted 25 Feb 2018, 10:06 by Donald Ross   [ updated 3 Apr 2018, 07:52 ]

scp -r BIGIP-12.1.3.1-0.0.9.iso donald@172.16.51.15:/shared/images
tmsh
install sys software image BIGIP-12.1.3.1-0.0.9.iso create-volume volume HD1.3
tmsh show sys software
tailf /var/log/liveinstall.log
bash
switchboot -b HD1.3
tmsh
reboot volume HD1.3

Usefull Linux Commands

posted 30 Jan 2018, 12:41 by Donald Ross

COMMANDDESCRIPTION
netstat -tulpnShow Linux network ports with process ID’s (PIDs)
watch ss -stpluWatch TCP, UDP open ports in real time with socket summary.
lsof -iShow established connections.
macchanger -m MACADDR INTRChange MAC address on KALI Linux.
ifconfig eth0 192.168.2.1/24Set IP address in Linux.
ifconfig eth0:1 192.168.2.3/24Add IP address to existing network interface in Linux.
ifconfig eth0 hw ether MACADDRChange MAC address in Linux using ifconfig.
ifconfig eth0 mtu 1500Change MTU size Linux using ifconfig, change 1500 to your desired MTU.
dig -x 192.168.1.1 Dig reverse lookup on an IP address.
host 192.168.1.1 Reverse lookup on an IP address, in case dig is not installed.
dig @192.168.2.2 domain.com -t AXFRPerform a DNS zone transfer using dig.
host -l domain.com nameserverPerform a DNS zone transfer using host.
nbtstat -A x.x.x.xGet hostname for IP address.
ip addr add 192.168.2.22/24 dev eth0Adds a hidden IP address to Linux, does not show up when performing an ifconfig.
tcpkill -9 host google.comBlocks access to google.com from the host machine.
echo "1" > /proc/sys/net/ipv4/ip_forwardEnables IP forwarding, turns Linux box into a router – handy for routing traffic through a box.
echo "8.8.8.8" > /etc/resolv.confUse Google DNS.

System Information Commands

Useful for local enumeration.

COMMANDDESCRIPTION
whoamiShows currently logged in user on Linux.
idShows currently logged in user and groups for the user.
lastShows last logged in users.
mountShow mounted drives.
df -hShows disk usage in human readable output.
echo "user:passwd" | chpasswdReset password in one line.
getent passwdList users on Linux.
strings /usr/local/bin/blahShows contents of none text files, e.g. whats in a binary.
uname -arShows running kernel version.
PATH=$PATH:/my/new-pathAdd a new PATH, handy for local FS manipulation.
historyShow bash history, commands the user has entered previously


COMMANDDESCRIPTION
cat /etc/debian_versionShows Debian version number.
cat /etc/*-releaseShows Ubuntu version number.
dpkg -lList all installed packages on Debian / .deb based Linux distro.

Linux User Management

COMMANDDESCRIPTION
useradd new-userCreates a new Linux user.
passwd usernameReset Linux user password, enter just passwd if you are root.
deluser usernameRemove a Linux user.

Linux Decompression Commands

How to extract various archives (tar, zip, gzip, bzip2 etc) on Linux and some other tricks for searching inside of archives etc.

COMMANDDESCRIPTION
unzip archive.zipExtracts zip file on Linux.
zipgrep *.txt archive.zipSearch inside a .zip archive.
tar xf archive.tarExtract tar file Linux.
tar xvzf archive.tar.gzExtract a tar.gz file Linux.
tar xjf archive.tar.bz2Extract a tar.bz2 file Linux.
tar ztvf file.tar.gz | grep blahSearch inside a tar.gz file.
gzip -d archive.gzExtract a gzip file Linux.
zcat archive.gzRead a gz file Linux without decompressing.
zless archive.gzSame function as the less command for .gz archives.
zgrep 'blah' /var/log/maillog*.gzSearch inside .gz archives on Linux, search inside of compressed log files.
vim file.txt.gzUse vim to read .txt.gz files (my personal favorite).
upx -9 -o output.exe input.exeUPX compress .exe file Linux.

Linux Compression Commands

COMMANDDESCRIPTION
zip -r file.zip /dir/*Creates a .zip file on Linux.
tar cf archive.tar filesCreates a tar file on Linux.
tar czf archive.tar.gz filesCreates a tar.gz file on Linux.
tar cjf archive.tar.bz2 filesCreates a tar.bz2 file on Linux.
gzip fileCreates a file.gz file on Linux.

Linux File Commands

COMMANDDESCRIPTION
df -h blahDisplay size of file / dir Linux.
diff file1 file2Compare / Show differences between two files on Linux.
md5sum fileGenerate MD5SUM Linux.
md5sum -c blah.iso.md5Check file against MD5SUM on Linux, assuming both file and .md5 are in the same dir.
file blahFind out the type of file on Linux, also displays if file is 32 or 64 bit.
dos2unixConvert Windows line endings to Unix / Linux.
base64 < input-file > output-fileBase64 encodes input file and outputs a Base64 encoded file called output-file.
base64 -d < input-file > output-fileBase64 decodes input file and outputs a Base64 decoded file called output-file.
touch -r ref-file new-fileCreates a new file using the timestamp data from the reference file, drop the -r to simply create a file.
rm -rfRemove files and directories without prompting for confirmation.

Samba Commands

Connect to a Samba share from Linux.

$ smbmount //server/share /mnt/win -o user=username,password=password1
$ smbclient -U user \\\\server\\share
$ mount -t cifs -o username=user,password=password //x.x.x.x/share /mnt/share

Breaking Out of Limited Shells

Credit to G0tmi1k for these (or wherever he stole them from!).

The Python trick:

python -c 'import pty;pty.spawn("/bin/bash")'
echo os.system('/bin/bash')
/bin/sh -i

Misc Commands

COMMANDDESCRIPTION
init 6Reboot Linux from the command line.
gcc -o output.c input.cCompile C code.
gcc -m32 -o output.c input.cCross compile C code, compile 32 bit binary on 64 bit Linux.
unset HISTORYFILEDisable bash history logging.
rdesktop X.X.X.XConnect to RDP server from Linux.
kill -9 $$Kill current session.
chown user:group blahChange owner of file or dir.
chown -R user:group blahChange owner of file or dir and all underlying files / dirs – recersive chown.
chmod 600 fileChange file / dir permissions, see [Linux File System Permissons](#linux-file-system-permissions) for details.

Clear bash history:

      $ ssh user@X.X.X.X | cat /dev/null > ~/.bash_history
    

Linux File System Permissions

VALUEMEANING
777rwxrwxrwx No restriction, global WRX any user can do anything.
755rwxr-xr-x Owner has full access, others can read and execute the file.
700rwx------ Owner has full access, no one else has access.
666rw-rw-rw- All users can read and write but not execute.
644rw-r--r-- Owner can read and write, everyone else can read.
600rw------- Owner can read and write, everyone else has no access.

DIRECTORYDESCRIPTION
// also know as “slash” or the root.
/binCommon programs, shared by the system, the system administrator and the users.
/bootBoot files, boot loader (grub), kernels, vmlinuz
/devContains references to system devices, files with special properties.
/etcImportant system config files.
/homeHome directories for system users.
/libLibrary files, includes files for all kinds of programs needed by the system and the users.
/lost+foundFiles that were saved during failures are here.
/mntStandard mount point for external file systems.
/mediaMount point for external file systems (on some distros).
/netStandard mount point for entire remote file systems – nfs.
/optTypically contains extra and third party software.
/procA virtual file system containing information about system resources.
/rootroot users home dir.
/sbinPrograms for use by the system and the system administrator.
/tmpTemporary space for use by the system, cleaned upon reboot.
/usrPrograms, libraries, documentation etc. for all user-related programs.
/varStorage for all variable files and temporary files created by users, such as log files, mail queue, print spooler. Web servers, Databases etc.

Linux Interesting Files / Dir’s

Places that are worth a look if you are attempting to privilege escalate / perform post exploitation.

DIRECTORYDESCRIPTION
/etc/passwdContains local Linux users.
/etc/shadowContains local account password hashes.
/etc/groupContains local account groups.
/etc/init.d/Contains service init script – worth a look to see whats installed.
/etc/hostnameSystem hostname.
/etc/network/interfacesNetwork interfaces.
/etc/resolv.confSystem DNS servers.
/etc/profileSystem environment variables.
~/.ssh/SSH keys.
~/.bash_historyUsers bash history log.
/var/log/Linux system log files are typically stored here.
/var/adm/UNIX system log files are typically stored here.
/var/log/apache2/access.log

/var/log/httpd/access.log

Apache access log file typical path.
/etc/fstabFile system mounts.

Openssl s_client

posted 25 Jan 2018, 04:57 by Donald Ross

openssl s_client -connect 10.211.0.3:443 | openssl x509 -purpose

openssl s_client -connect 10.150.232.96:443 -showcerts

#show dates
openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -dates
notBefore=Oct 10 20:04:26 2015 GMT
notAfter=Oct  9 20:04:26 2017 GMT

openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -issuer

openssl s_client -connect 10.240.89.254:3041 | openssl x509

#nearly all details
openssl s_client -connect 10.240.89.254:3041 | openssl x509 -noout -text

https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/

F5 LTM redirect policy (HTTP to HTTPs)

posted 28 Sep 2017, 13:59 by Donald Ross

F5 LTM redirect policy (HTTP to HTTPs)


1-10 of 25