Forum Discussion
Ørjan
Nimbostratus
NimbostratusHow to turn off tmm info in tcpdump
From what I read in https://support.f5.com/csp/article/K13637 you have to actively tell the F5 implementation of tcpdump to include additional information. I have the opposite problem that there always is additional info in the capture file. I get a first packet with information about the command I used, Big-IP version, hostname, BIG-IP platform and product name. In each packet the partition and virtual server path is included at the end. (Which causes wireshark to tag the packets with "ethernet frame check sequence incorrect") It is sometimes useful to send packet captures to external parties for troubleshooting and I would prefer this to not be included.
I use tcpdump as I normally do on other devices i.e. "tcpdump -i external -nn host 1.2.3.4 -w /path/ -s 0 -vv". The result is the same from tmsh, bash and regardless of which partition I have set the shell to. Should the capture file be "clean" in the sense that tcpdump will see it as a normal capture when you capture like this?
cjuniorNacreous
Hi, did you find out solution to this cause? Maybe this can explain me why I have packets corrupted on v11.6.1. I realized that some HTTP headers was corrupted due to wrong bits inserted to that packets.
Thank you.
Andy_McGrathCumulonimbus
It is the -nn that adds the TMM info. The following I think should work and not insert tmm info:
tcpdump -i external host 1.2.3.4 -w /path/ -s 0 -vv"- P_K
Altostratus
It's the nnnp when joined with interface or vlan provides high level of tmm info.
Ex: tcpdump -nni 0.0:nnnp....
nnnp - Low, medium, High tmm details in the packet capture with specific traffic flow between peers.
