I need to be able to see tcp traffic between client and F5 and between F5 and pool memebers. Anybody knows how I can setup and view that? Thanks

if you have cli access, you can use tcpdump. You can specify a file for clientside/serverside separately or you can use the special interface 0.0 to capture from all links.

by default, system log (e.g. /var/log/ltm) does not include application traffic. if you want to log application traffic, you can use irule. e.g. Log Http Tcp Udp To Syslogng https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx

Hi Nitaas, Can't i see tcp traffic between client and F5 and between F5 and pool memebers from F5 LTM cli??? If yes can you please shrae the commands to check it.

LTM Log Files | DevCentral

JRahm
Admin
Apr 03, 2011
if you have cli access, you can use tcpdump. You can specify a file for clientside/serverside separately or you can use the special interface 0.0 to capture from all links.
nitass
Employee
Feb 23, 2014
by default, system log (e.g. /var/log/ltm) does not include application traffic. if you want to log application traffic, you can use irule.

e.g.

Log Http Tcp Udp To Syslogng

https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx
- MOHIT_125417
  Altostratus
  Dec 30, 2014
  Hi Nitaas, Can't i see tcp traffic between client and F5 and between F5 and pool memebers from F5 LTM cli??? If yes can you please shrae the commands to check it.
- nitass
  Employee
  Dec 30, 2014
  do yo mean packet? if yes, you can run tcpdump. tcpdump -nni 0.0 -s0 host x.x.x.x or host y.y.y.y x.x.x.x is client ip y.y.y.y is pool member ip
- shaggy
  Nimbostratus
  Dec 30, 2014
  (more tcpdump info) - https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html There is also the command "tmsh show sys connection" which will show you current connection details
nitass_89166
Noctilucent
Feb 23, 2014
by default, system log (e.g. /var/log/ltm) does not include application traffic. if you want to log application traffic, you can use irule.

e.g.

Log Http Tcp Udp To Syslogng

https://devcentral.f5.com/wiki/iRules.LogHttpTcpUdpToSyslogng.ashx
- MOHIT_125417
  Altostratus
  Dec 30, 2014
  Hi Nitaas, Can't i see tcp traffic between client and F5 and between F5 and pool memebers from F5 LTM cli??? If yes can you please shrae the commands to check it.
- nitass_89166
  Noctilucent
  Dec 30, 2014
  do yo mean packet? if yes, you can run tcpdump. tcpdump -nni 0.0 -s0 host x.x.x.x or host y.y.y.y x.x.x.x is client ip y.y.y.y is pool member ip
- shaggy
  Nimbostratus
  Dec 30, 2014
  (more tcpdump info) - https://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html There is also the command "tmsh show sys connection" which will show you current connection details
NAG_65570
Historic F5 Account
Mar 03, 2016
You can capture client side traffic and responding server side traffic using below command::

tcpdump -vvnni 0.0:nnnp -s0 host x.x.x.x and port yy
where x.x.x.x is Virtual IP and yy is virtual server port number

If you want to traffic for a specific client then::

tcpdump -vvnni 0.0:nnnp -s0 host x.x.x.x
where x.x.x.x is client IP

If you want write captured traffic to a file to review later in wire shark or some other tool use 'w' option and provide path to the file

tcpdump -vvnni 0.0:nnnp -s0 -w /var/tmp/capture.pcap host x.x.x.x