For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

goldberg_33306's avatar
goldberg_33306
Icon for Nimbostratus rankNimbostratus
Oct 10, 2012

Basic TCPDUMP Question

When I capture traffic on the "internal" and "external" interfaces, why do I see the same syn from the client on both interfaces? I know this is a basic feature within F5 LTM, but just looking for a...
config
design
nitass's avatar
nitass
Icon for Employee rankEmployee
Oct 10, 2012
this is fastl4 profile (performance l4 virtual server). 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   profiles fastL4 {}
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

[root@ve10:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
(1) 21:53:21.256902 IP 172.28.19.251.42626 > 172.28.19.79.80: S 4119262028:4119262028(0) win 5840 
(2) 21:53:21.256957 IP 172.28.19.251.42626 > 200.200.200.101.80: S 4119262028:4119262028(0) win 5840 
(3) 21:53:21.257660 IP 200.200.200.101.80 > 172.28.19.251.42626: S 427681894:427681894(0) ack 4119262029 win 5792 
(4) 21:53:21.257675 IP 172.28.19.79.80 > 172.28.19.251.42626: S 427681894:427681894(0) ack 4119262029 win 5792 
(5) 21:53:21.258752 IP 172.28.19.251.42626 > 172.28.19.79.80: . ack 1 win 46 
(6) 21:53:21.258764 IP 172.28.19.251.42626 > 200.200.200.101.80: . ack 1 win 46