Forum Discussion

Cirrostratus

Jan 23, 2024

How to check the source IP of an "open connection" ?

Hello, Recently, the F5 I manage was suspected to be under attack. There were as many as 650 K "open connections" and I wanted to check the source IP of these connections. I tried "tmsh sho...

application delivery

Lucas_Thompson

Employee

Jan 24, 2024

Luckily BIG-IP is pretty flexible in this area.

You can filter out connections. "tmsh show sys conn" supports a lot of different filter selectors that you can use: https://my.f5.com/manage/s/article/K53851362
You can change the limit from 1000 to something else: https://my.f5.com/manage/s/article/K20234023

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How to check the source IP of an "open connection" ?

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Managing iRules configuration

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Related Content

Restsh is now available under an Open Source license!

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Phishing, Malware, Breach and Open-Source Security

The Power of Source Address

iControl Library For Java With Source

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS