SOL411 (
Click here) and SOL6546 (
Click here) describe how to capture a tcpdump on BIG-IP. In general, you can use syntax like the following to capture traffic on all switch interfaces, with no packet snaplength restriction and save the results to a binary file. You can use wireshark to analyze the tcpdump off LTM.
tcpdump -ni 0.0 -s0 -w/var/tmp/`/bin/hostname`/.trace.dmp host VIP_IP_ADDRESS or host SERVER_IP_ADDRESS
If the client or server side connections are encrypted, you can use ssldump to decrypt the trace. You'll need the server's SSL key to decrypt it. You'll need to get the SSL handshake in the trace in order to decrypt it, so make sure to start the tcpdump before you open the browser to test with.
Aaron