F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 77

An LTM Specialist sees these entries in /var/log/ltm:
Oct 25 03:34:31 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:32 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Oct 25 03:34:33 tmm warning tmm[7150]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborteD. 172.16.20.1:443
Assume 172.16.20.0/24 is attached to the VLAN "internal."
What should the LTM Specialist use to troubleshoot this issue?

Answer options

• A. curl -d - -k https://172.16.20.1
• B. ssldump -i internal host 172.16.20.1
• C. tcpdump -i internal host 172.16.20.1 > /shared/ssl.pcap ssldump < /shared/ssl.pcap
• D. tcpdump -s 64 -i internal -w /shared/ssl.pcap host 172.16.20.1

Correct answer: B

Explanation

The correct answer, B, uses ssldump to analyze SSL connections directly, which is essential for troubleshooting SSL issues. Option A is incorrect as it uses curl, which is not suitable for capturing SSL traffic. Option C combines tcpdump and ssldump, but the primary focus should be on ssldump for this specific issue. Option D also uses tcpdump, but it does not analyze SSL traffic directly.