F5 wireshark plugin

When you perform packet capture on F5 LTM, you possibly notice there are some unknow fileds in the packet capture.

These unknown data fileds are the additional diagnostic data which is encoded on tcpdump captures by F5 LTM. F5 has provided the wireshark plugin to decode the unknown fileds. You can download the plugin from the link below:


What you need to is to create a customize wireshark build to include the plugin.

Please follow the steps below to build your own wireshark :

1. Acquire the Wireshark source tarball at:

2. Extract out the files:
tar xjf wireshark-{version}.tar.bz2

3. Enter into the directory, and extract the files in the F5 package:
cd wireshark-{version}/
tar xzf wireshark.plugin.f5ethtrailer.1.3.tar.gz

4. Apply the patch:
patch -p1 < f5ethtrailer.makefiles.{version}.patch

5a. If you are on Windows, proceed to compilation following the instructions at:

5b. If you are on a GNU GCC based platform, proceed to compilation by following the instructions at:

6. Install Wireshark to your target system

When you get your own wireshark build, open the F5 LTM tcpdump file, you will see something like below:


2 thoughts on “F5 wireshark plugin

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s