Forum Discussion
NimbostratusHow to filter between regular data traffic and health monitor traffic with tcpdump?
There are a few options, depending on your architecture/configuration. A main difference between monitor traffic and production traffic is the monitor will use a non-floating Self IP of the device, whereas production traffic may use a floating Self IP. If you have an HA pair, you may already have a floating Self IP. If not, you can set one up (just watch your backend firewall rules if you have any).
Then filter based on the source being either the floating (production) or non-floating (monitor).
Another method is to use a Send String inside your monitor (provided your backend application can listen for and parse the data) and then filter based on finding that string in the payload.
CirrusThere are a few options, depending on your architecture/configuration. A main difference between monitor traffic and production traffic is the monitor will use a non-floating Self IP of the device, whereas production traffic may use a floating Self IP. If you have an HA pair, you may already have a floating Self IP. If not, you can set one up (just watch your backend firewall rules if you have any).
Then filter based on the source being either the floating (production) or non-floating (monitor).
Another method is to use a Send String inside your monitor (provided your backend application can listen for and parse the data) and then filter based on finding that string in the payload.
