This section illustrates the commands to capture session key through the Avi Load Balancer CLI.
Configuring Capture Parameter
: debug virtualservice vs1 : debugvirtualservice> capture_params enable_ssl_session_key_capture : debugvirtualservice> save
Starting a Capture
: debug virtualservice vs1 : debugvirtualservice> capture : debugvirtualservice> save
Stop an Ongoing Packet Capture
: > debug virtualservice vs1 : debugvirtualservice> no capture : debugvirtualservice> save
Analyzing Captures
Once capture is complete, download and extract the tar file from the Controller. The result will be a PCAP capture file and a text file containing the session keys.
Load the capture file into Wireshark, and filter for encrypted conversation.
Load the session keys by opening Wireshark Preferences and navigating to TLS or SSL, and under the (Pre)-Master-Secret log filename heading, browse for the extracted session keys text file.
Previously encrypted packets in the filtered conversation will now have an additional tab with the unencrypted contents.