I'm an IT trainee working on my final school project. For that I have a complete Splunk setup with an Indexer Cluster, Search Head Cluster, Deployment Server and an HA proxy, everything running on CentOS 7.6. The Universal Forwarders are installed on Windows Server 2016 and Windows 10 Enterprise.
The communication between Forwarders and Peer nodes is configured with SSL, using self-signed certificates. This communication I can capture with Wireshark from my Windows laptop, by SSHing to a Peer node, running a tcpdump and piping it back to Wireshark on my laptop. I can see Hello messages, key exchange, everything. What I would like to do is decrypt the traffic and show the data in clear text in Wireshark. I'm using Diffie-Hellman for the key exchange, so the RSA private key won't work.
I have read a lot of guides, all of them showing how to do it with browser traffic, all telling you to log the 'pre-master key' to a file and then use that in Wireshark. But I have not found a way to do it when it's another application.