Forum Discussion
NimbostratusLooking to capture X-Forwarded-For on Big IP 11.2.1
Dev,
I've got some application owners that are saying they can't see the X-Forwarded-For header on their app server. They have gotten the same treatment as everyone else, X-Forwarded-For, as well as X-Forwarded-Proto, and other have verified it's working for them. Is there a way to capture that as the LTM and verify it's being pushed down to the server? I know I can do a TCPDump, and I think I need to add the -w option in to capture it, but I'm not 100% on that. If anybody has any idea on how to capture the header in the logs or through a dump, that would be great!
3 Replies
Jason_40733Cirrocumulus
tcpdump -ni {interface} -s 0 -w /tmp/myfile.pcap host {ip of pool node} and port { port of pool node}
-s 0 gives the whole packet. -w designates you're dumping it to an output file.
man pages should work for tcpdump as well.
Jason
Sven_Leupold_85Cirrus
an iRule would do the job
when HTTP_REQUEST { set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host [HTTP::uri]" log local0. "=============================================" log local0. "$LogString (request)" foreach aHeader [HTTP::header names] { log local0. "$aHeader: [HTTP::header value $aHeader]" } log local0. "============================================="}
Dali_Chauhan_33Hi,
Please use below syntax to get TCPDUMP
tcpdump -nni 0.0:nnnp host a.b.c.d or host x.y.z.s -s0 -w /var/tmp/Client.pcap
meaning of above lines are :-
-nn Do not resolve host or service names -i Interface - can be ifname or vlan name -w Write output to file host - IP address of host(source address/destination address) Client.pcap- file name in pcap format
You can add multiple IP address by using OR or AND option .
method to get the tcpdump in F-5 LTM
login into f-5 cli type bash add below command and capture the file in pcap format. Run that file in wireshark and check the output.
