How to Capture DNS Packets on GTM

Question

I want to capture DNS traffic on GTM, i want to verify if request is going to the next available Data Centre when i invoke the DR&nbsp;

moonlit · Answer

I haven't licensed or used GTM so my advice is based purely on speculation.
Have you tried simply dumping the traffic from an interface using tcpdump? Most DNS traffic is unencrypted so you should be able to see what's going on.
First, find out which interface you want to sniff with the "ifconfig" command. 
If the destination server is located on an interface called "vlan1275" you can dump all DNS traffic to a specific IP address thus:
[xxx@BIG10001:Active:Changes Pending] log  tcpdump -i vlan1275 udp port 53 and host 1.2.3.4

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on vlan1275, link-type EN10MB (Ethernet), capture size 96 bytes

11:25:31.279433 IP 10.x.x.x.61750 &gt; server.domain:  52331+ A? client-cf.dropbox.com. (39)

11:25:31.445888 IP server.domain &gt; 10.x.x.x.61750:  52331 8/0/0 A[|domain]

11:25:31.586319 IP 10.x.x.x.61754 &gt; server.domain:  43652+ A? [www.bing.com.] (http://www.bing.com.) (30)

11:25:31.587767 IP server &gt; 10.x.x.x.61754:  43652 2/0/0 CNAME any.edge.bing.com., (69)

^C

Forum Discussion

How to Capture DNS Packets on GTM

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

VIP in https that redirect to another vip in https

2026 301a exam

F5OS login with admin/root failed via console

UCS Encryption Question

Related Content

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

Automating Packet Captures on BIG-IP

decrypted tcpdump capture without using an iRule and without using tshark

DevCentral Connects hosts Capture the Flag!

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS