
Forum Discussion

JayanthLakshmipathy
Nov 08, 2023
Solved

Looking for a TMSH command to check traffic flow

Hi

I have a few VS configured with source, destination and port as ANY. It's an early configuration, not sure what's the background. I can see traffic on all VS statistics.

Would like to check, is there any way to find out which traffic is transmitted via which VS?

I know the source, destination and port of the traffic and can simulate the traffic to verify. Appreciate it if anyone can share with me a command or possibilities.

 

Thank you

Jay

  • JayanthLakshmipathy I'm not sure if a command exists that would show this because the typical connection table outputs source IP, source port, destination IP, destination port, and destination pool member. I think the only option to look at connections in a reactive way would be to perform a tcpdump with the following flags that would insert F5 information about where the traffic is going.

    tcpdump -nni 0.0:nnp host <client_IP> -w /shared/tmp/my_cap.pcap

3 Replies

  • Hello,

    You can filter by the client-side IP if you need to check which virtual server is selected.

    Command:

    #show sys connection cs-client-addr 192.168.8.1

    Output:
    Sys::Connections

      client IP                virtual server IP   source from F5 (self IP)      backend server
    192.168.8.1:54105 192.168.8.100:80     192.168.7.111:26379          192.168.7.100:80 tcp 4 (tmm: 1)

    There are also multiple options in show sys connection that you can check and verify with.

    command output explanation:

    https://my.f5.com/manage/s/article/K40033505

    command options:

    https://my.f5.com/manage/s/article/K53851362

     

    Thanks,

    Mohamed Salah
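
An added example, not part of the replies above and not F5's own code: a shell function that groups `show sys connection` rows by client-side destination and backend, so a test client's flows through wildcard virtual servers can be read at a glance. The table shows the destination address and port that was matched, not the virtual server name. The column order is assumed from the output shown in the reply, and the sample rows are constructed.

```shell
#!/usr/bin/env bash
# Summarise connection-table rows per client-side destination.
# Assumed column order (from the output quoted in the thread):
#   client  client-side-destination  server-side-source  backend  protocol  idle  (tmm: N)

summarize_flows() {
    awk '
        # Keep only connection rows: at least 5 fields and a first field
        # that ends in a digit (the client port). Headers and the
        # trailing record count are skipped.
        NF >= 5 && $1 ~ /[0-9]$/ {
            key = $2 " -> " $4 " " $5
            count[key]++
        }
        END {
            for (k in count) printf "%d %s\n", count[k], k
        }
    ' | LC_ALL=C sort -k2
}

# Constructed sample in the same layout as the output in the thread.
sample_table() {
    cat <<'EOF'
Sys::Connections
192.168.8.1:54105  192.168.8.100:80   192.168.7.111:26379  192.168.7.100:80   tcp  4  (tmm: 1)
192.168.8.1:54106  192.168.8.100:80   192.168.7.111:26380  192.168.7.100:80   tcp  1  (tmm: 0)
192.168.8.1:54200  192.168.9.50:443   192.168.7.111:31002  192.168.7.101:443  tcp  9  (tmm: 1)
Total records returned: 3
EOF
}

# On a BIG-IP the input would come from the command in the reply:
#   tmsh show sys connection cs-client-addr <client_IP> | summarize_flows
sample_table | summarize_flows
```

Each output line is a flow count followed by the destination the client hit, the backend it was sent to, and the protocol.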