When analyzing HTTPS traffic using tools like tcpdump without access to the SSL private keys for decryption, only the Layer 2 through Layer 4 information remains visible.
Visible Information: You can see the Source and Destination IP addresses, TCP ports, and the TLS handshake headers (such as the Server Name Indication/SNI in the Client Hello).
Encrypted Information: Once the encrypted tunnel is established, all Layer 7 data is masked. This includes HTTP Request/Response Headers (Options A and D) and Cookies (Option C).
Troubleshooting Note: To see the headers or cookies, an administrator must either perform the packet capture on the "server-side" of the BIG-IP (if it is performing SSL Offload) or use a tool like Wireshark with the appropriate SSL keys loaded.