This article describes how to capture a network trace from Command Line Interface of NetScaler 11.x, and how to can decrypt the captured SSL trace by using SSLPLAIN (decrypt) option.

From NetScaler 11.0, a feature called SSLPLAIN is introduced. This feature lets you decrypt SSL trace without a Key file.

---

Instructions

Note: The "nstrace.sh -sz 0" command is used to capture network trace on earlier versions of NetScaler; this command is deprecated from NetScaler 11.0 onwards.

Complete the following steps to capture a network trace:

1. Run the following command from NetScaler Command Line Interface to start the trace:
   start nstrace -size 0

2. Run the following command to capture SSL traffic in SSLPLAIN (decrypted) format:
   start nstrace -size 0 -mode SSLPLAIN

3. Run the following command to stop the trace:
   stop nstrace

   

The following are the arguments that the nstrace command accepts:
-doruntimecleanup ( ENABLED | DISABLED )
-fileId <string>
-fileName <string>
-filter <expression>
-inMemoryTrace ( ENABLED | DISABLED )
-link ( ENABLED | DISABLED )
-merge <merge>
-mode <mode> ...
 -nf <positive_integer>
-nodes <positive_integer> ...
-perNIC ( ENABLED | DISABLED )
-size <positive_integer>
-skipRPC ( ENABLED | DISABLED )
-time <positive_integer> | -filesize <positive_integer>
-traceBuffers <positive_integer>
-traceformat ( NSCAP | PCAP )

For detailed information refer to Citrix Documentation.

This article describes how to capture a network trace from Command Line Interface of NetScaler 11.x, and how to can decrypt the captured SSL trace by using SSLPLAIN (decrypted) option.