For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Paul_108843's avatar
Paul_108843
Icon for Nimbostratus rankNimbostratus
Apr 02, 2011

LTM Log Files

I need to be able to see tcp traffic between client and F5 and between F5 and pool memebers. Anybody knows how I can setup and view that? Thanks
management
monitoring

10 Replies

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Apr 03, 2011
    if you have cli access, you can use tcpdump. You can specify a file for clientside/serverside separately or you can use the special interface 0.0 to capture from all links.
    • MOHIT_125417's avatar
      MOHIT_125417
      Icon for Altostratus rankAltostratus
      Dec 30, 2014
      Hi Nitaas, Can't i see tcp traffic between client and F5 and between F5 and pool memebers from F5 LTM cli??? If yes can you please shrae the commands to check it.
    • nitass's avatar
      nitass
      Icon for Employee rankEmployee
      Dec 30, 2014
      do yo mean packet? if yes, you can run tcpdump. tcpdump -nni 0.0 -s0 host x.x.x.x or host y.y.y.y x.x.x.x is client ip y.y.y.y is pool member ip
    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Dec 30, 2014
      (more tcpdump info) - https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html There is also the command "tmsh show sys connection" which will show you current connection details
    • MOHIT_125417's avatar
      MOHIT_125417
      Icon for Altostratus rankAltostratus
      Dec 30, 2014
      Hi Nitaas, Can't i see tcp traffic between client and F5 and between F5 and pool memebers from F5 LTM cli??? If yes can you please shrae the commands to check it.
    • nitass_89166's avatar
      nitass_89166
      Icon for Noctilucent rankNoctilucent
      Dec 30, 2014
      do yo mean packet? if yes, you can run tcpdump. tcpdump -nni 0.0 -s0 host x.x.x.x or host y.y.y.y x.x.x.x is client ip y.y.y.y is pool member ip
    • shaggy's avatar
      shaggy
      Icon for Nimbostratus rankNimbostratus
      Dec 30, 2014
      (more tcpdump info) - https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html There is also the command "tmsh show sys connection" which will show you current connection details
  • NAG_65570's avatar
    NAG_65570
    Historic F5 Account
    Mar 03, 2016

    You can capture client side traffic and responding server side traffic using below command::

     

    tcpdump -vvnni 0.0:nnnp -s0 host x.x.x.x and port yy
    • where x.x.x.x is Virtual IP and yy is virtual server port number

    If you want to traffic for a specific client then::

     

    tcpdump -vvnni 0.0:nnnp -s0 host x.x.x.x
    • where x.x.x.x is client IP

    If you want write captured traffic to a file to review later in wire shark or some other tool use 'w' option and provide path to the file

     

    tcpdump -vvnni 0.0:nnnp -s0 -w /var/tmp/capture.pcap host x.x.x.x