Forum Discussion

Nimbostratus

Dec 09, 2020

how can I view the top 10 talkers' IP addresses for a given timeperiod?

I see a spike in network activity but would like to see the top talkers for a given timeperiod. How can I view that info? I am using i2800 on 15.1.2.

Thanks.

jaikumar_f5
MVP
Dec 10, 2020
When you say a given period, do you mean in the past or current traffic pattern. If current, you can use tmsh or bigtop commands.
Sharath413
Nimbostratus
Dec 10, 2020
I meant sometime in the past. Also, is there any way on F5 to view client session info like netstat -ap etc?
Do you know how I can get a list of client IP addresses to a virtual server?
- jaikumar_f5
  MVP
  Dec 10, 2020
  Since you ask for the past, I think its doable with 2 options (from what I know), either with logging using an Irule or using the Analytics (AVR) module.
  As you also called netstat, which is a real time data, not of past, I'll share few commands which I use, You can try these options,
  Current Connections for a given VIP:
  tmsh show sys connection cs-server-addr <VIP> | head -n -1 | tail -n +2 | awk '{print $1}'
  You can add more filters like awk, cut, sort, uniq to find top source ip's consuming your respective vip.
  Total Connections Count so far:
  tmsh show ltm virtual <Virtual-name> | grep -E "Ltm::Virtual Server|Total Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'
  Live Connections Count on the box:
  tmsh show ltm virtual all | grep -E "Ltm::Virtual Server|Current Connections" | awk 'NR%2{printf "%s ",$0;next;}1' | awk '{print $3","$6}'
  Also you can use bigtop command,
  bigtop -conn -once
  Hope this helps.