Forum Discussion
fluzocapacitor
Jun 10, 2024 Altocumulus
Issue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server
Hello everyone, I have a virtual server set up on an F5 BigIP. I captured traffic on a client (IP: 10.16.x.x) of the balanced service and on the virtual server itself (IP: 10.16.y.y). On the client ...
fluzocapacitor
Jun 11, 2024 Altocumulus
Hello,
I have tried capturing with various options, but I have not been able to capture any SYN-ACK packets. Here are the commands I used:
tcpdump -i /Common/vlan_name:nnnp -n -w /var/tmp/bl_px_01.pcap -v 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0 and host client_ip and port 80'
tcpdump -i 0.0:nnnp -n -w /var/tmp/bl_px_01.pcap -v 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0 and host client_ip and port 80'
Despite these attempts, I still do not see the SYN-ACK packets in the capture. Maybe, as wendelyes suggested, some traffic is hidden because of offloading.
Thank you for your assistance.
- fluzocapacitor Jun 11, 2024 Altocumulus
Hello,
By the way, offload is enabled:
PVA TCP Offload State
Specifies the TCP state at which the ePVA performs hardware offload.
- SYN: Specifies that the ePVA performs hardware offload at the first client SYN. It also performs the EST-time snoop if the previous SYN-time snoop fails.
- EST: Specifies that the ePVA performs hardware offload at the client ACK when in SYN/ACK state, when the connection is transitioning towards established.
Regards,
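Added example, not part of the thread and not F5 code: a small audit that reads a saved capture, such as the .pcap files written by the tcpdump commands above, and lists the flows whose SYN was captured but whose SYN-ACK was not. It assumes a classic pcap file with Ethernet link type; the function names and the sample addresses and ports are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10

def frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame (zero MACs, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Wrap frames in a classic little-endian pcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def handshake_audit(pcap):
    """Map (client, cport, server, sport) -> handshake segments seen for that flow."""
    magic = struct.unpack_from("<I", pcap)[0]
    end = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    flows, off = {}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        pkt, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        l3 = 18 if pkt[12:14] == b"\x81\x00" else 14   # skip one 802.1Q tag if present
        if len(pkt) < l3 + 20 or pkt[l3 - 2:l3] != b"\x08\x00" or pkt[l3 + 9] != 6:
            continue                                   # not IPv4/TCP
        t = l3 + (pkt[l3] & 0x0F) * 4                  # start of TCP header
        if len(pkt) < t + 14:
            continue
        src, dst = pkt[l3 + 12:l3 + 16], pkt[l3 + 16:l3 + 20]
        sport, dport = struct.unpack_from("!HH", pkt, t)
        flags = pkt[t + 13] & (SYN | ACK)
        if flags == SYN:                               # client -> server
            flows.setdefault((src, sport, dst, dport), set()).add("SYN")
        elif flags == (SYN | ACK):                     # server -> client, keyed by client
            flows.setdefault((dst, dport, src, sport), set()).add("SYN-ACK")
    return flows

def missing_syn_ack(pcap):
    """Flows whose SYN was captured but whose SYN-ACK was not."""
    return [k for k, seen in handshake_audit(pcap).items() if seen == {"SYN"}]

# Constructed sample: flow 40001 has a full handshake, flow 40002 lacks the SYN-ACK.
CLIENT, VIP = (10, 16, 0, 10), (10, 16, 0, 20)
SAMPLE = build_pcap([
    frame(CLIENT, VIP, 40001, 80, SYN), frame(VIP, CLIENT, 80, 40001, SYN | ACK),
    frame(CLIENT, VIP, 40001, 80, ACK),
    frame(CLIENT, VIP, 40002, 80, SYN), frame(CLIENT, VIP, 40002, 80, ACK),
])
```

To audit a real capture, pass the file's bytes, for example `missing_syn_ack(open(path, "rb").read())`. Running it on captures taken at the client and at the BIG-IP shows which side is missing the SYN-ACK for a given flow.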