F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 75
An LTM Specialist is troubleshooting virtual server 10.0.0.1:443 residing on VLAN vlan301. The web application is accessed via www.example.com. The LTM Specialist wants to save a packet capture with complete decrypted payload for external analysis.
Which command should the LTM Specialist execute on the LTM device command line interface?
Answer options
- A. tcpdump -vvv -s 0 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
- B. tcpdump -vvv -s 0 -ni vlan301 'host 10.0.0.1 and port 443' -w /var/tmp/trace.cap
- C. ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap
- D. ssldump -Aed -ni vlan301 -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:www.example.com.key_1 > /var/tmp/trace.cap
Correct answer: D
Explanation
The correct answer is D: it runs ssldump with the private key supplied via -k, so the SSL payload is decrypted, and it limits the capture to vlan301 (-i vlan301), the VLAN where the virtual server resides. Options A and B use tcpdump, which cannot decrypt SSL traffic, while option C lacks the VLAN specification, making it less suitable for the task at hand.