SSL Traffic Capture on FTD

Hi,

We have an internal client talking to the outside, but I can't see any traffic on the FTD. It looks like the communication is not reaching that level and breaks at the SSL handshake. The server guy confirmed to me that the SSL handshake is not completing.

Can I capture the SSL handshake traffic on the FTD to see if SSL is the problem for this communication?

VIP Mentor

I hope you are not looking to decrypt the SSL; as per the post, you are looking at the simple end-to-end TCP handshake to prove the packet is coming into the FTD and leaving towards the destination.

The troubleshooting document below proves and explains this when you enable a capture. I hope you do not have any other uplink-side device which does NAT or anything of the sort?

 

https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/212474-working-with-firepower-threat-defense-f.html

BB
*** Rate All Helpful Responses ***
VIP Advisor

Hi,

You can capture SSL traffic and look at the handshake (basically, the Client Hello and Server Hello are the handshake messages). A failure in the handshake will generate a reset by the other party. These hellos can be seen without decrypting.

***** please remember to rate useful posts

Thanks,

Yes, I want to look at the handshake level only, without decrypting the SSL traffic.

What CLI command should I use to get this info on the FTD CLI?


Hi,

You can go to the system support diag command and use capture #name# #if-name# .... etc. to capture the traffic on the outside interface. Then export it as a pcap file. Or you can generate the capture from FMC or FDM. Just look up the steps online.


**** please remember to rate useful posts
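Once the capture has been exported as a pcap, the TLS record headers in the TCP payload can be read without any decryption, as the replies above describe. The following is an added example (not from the thread or from Cisco) that parses the plaintext record and handshake headers of each direction of a TLS session and reports how far the handshake got; the byte strings at the bottom are constructed samples, not a real capture.

```python
import struct

# TLS record content types and handshake message types (RFC 5246 / RFC 8446).
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 20, 21, 22, 23
HS_NAMES = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
            12: "ServerKeyExchange", 14: "ServerHelloDone",
            16: "ClientKeyExchange", 20: "Finished"}
ALERT_NAMES = {40: "handshake_failure", 42: "bad_certificate",
               70: "protocol_version", 112: "unrecognized_name"}

def parse_records(data):
    """Split one direction of a TLS byte stream into (type, version, payload) records."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, version, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) < length:      # record cut short: the capture was truncated
            break
        records.append((ctype, version, payload))
        off += 5 + length
    return records

def handshake_messages(data):
    """Names of the plaintext handshake messages seen in one direction."""
    names = []
    for ctype, _version, payload in parse_records(data):
        if ctype != HANDSHAKE:
            continue
        off = 0
        while off + 4 <= len(payload):
            msg_type = payload[off]
            length = int.from_bytes(payload[off + 1:off + 4], "big")
            names.append(HS_NAMES.get(msg_type, "handshake_type_%d" % msg_type))
            off += 4 + length
    return names

def diagnose(client_bytes, server_bytes):
    """Explain how far the handshake got, using only unencrypted headers."""
    c_msgs, s_msgs = handshake_messages(client_bytes), handshake_messages(server_bytes)
    for ctype, _version, payload in parse_records(server_bytes):
        if ctype == ALERT and len(payload) == 2:   # level byte, then description
            return "server alert: " + ALERT_NAMES.get(payload[1], "code %d" % payload[1])
    if "ClientHello" not in c_msgs:
        return "no ClientHello: client traffic not reaching this point"
    if "ServerHello" not in s_msgs:
        return "ClientHello sent but no ServerHello: server never answered"
    return "hellos exchanged: " + ", ".join(c_msgs + s_msgs)

# Constructed sample bytes (not from a real capture): a minimal ClientHello record
# and a fatal handshake_failure alert sent back by the server.
CLIENT_HELLO = bytes.fromhex("16030100050100000100")
SERVER_ALERT = bytes.fromhex("15030300020228")
```

If the capture shows a ClientHello leaving the outside interface and only a TCP reset coming back, the server side is rejecting the connection before TLS even starts, which is a different problem from a TLS alert.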