Forum Discussion
Pcap and accessing /var/tmp
Hello!
I'm pretty new to F5 and I'm running into an issue navigating the CLI. basically I've ssh'd into a F5 device through a jumpbox and all I'm trying to do is get a pcap and save it on the device one the /var/tmp but I can't seem to navigate too /var/tmp to make sure the file was saved. I'm at the (/common) tmos: directory when I run the tcpdump -nni 0.0 -w /var/tmp/packet.pcap command. It works fine and does the capture but I just can't seem to navigate too it. Every command I try like "find" give me a syntax error.
If anyone could give me a hand that would be incredible!
Linux my friend! Make sure you are in bash shell. You may need to escape TMOS via run /util bash command. Then cd into directory and ls:
- cd /var/tmp
- ls
Now, a "hack" to easily retrieve files via GUI is to copy or move them into /var/local/ucs and navigate via System -> Archives in GUI and download.
- cp /var/tmp/packet.pcap /var/local/ucs/packet.pcap.ucs
Just rename it back after download.
Praedyth Because you are most likely in TMOS you cannot see the Linux file structure from here. Assuming your user has access to the Linux OS you would issue the command "bash" which will dump you into the Linux side of the OS and then you can navigate to the appropriate directory by using command "cd /var/tmp/" and then you can do an "ls -l | grep ".pcap" to find all your pcaps. Once you're done you can type "exit" which will dump you back to TMOS and then you can type "quit" which will log you out of the F5 all together. If your intent is to copy the file off you can use winSCP for Windows based OS and connect to the F5 this way and then navigate to the appropriate path or if you're on Linux you can scp the file off of the F5 to your local machine.
Linux my friend! Make sure you are in bash shell. You may need to escape TMOS via run /util bash command. Then cd into directory and ls:
- cd /var/tmp
- ls
Now, a "hack" to easily retrieve files via GUI is to copy or move them into /var/local/ucs and navigate via System -> Archives in GUI and download.
- cp /var/tmp/packet.pcap /var/local/ucs/packet.pcap.ucs
Just rename it back after download.
Praedyth Because you are most likely in TMOS you cannot see the Linux file structure from here. Assuming your user has access to the Linux OS you would issue the command "bash" which will dump you into the Linux side of the OS and then you can navigate to the appropriate directory by using command "cd /var/tmp/" and then you can do an "ls -l | grep ".pcap" to find all your pcaps. Once you're done you can type "exit" which will dump you back to TMOS and then you can type "quit" which will log you out of the F5 all together. If your intent is to copy the file off you can use winSCP for Windows based OS and connect to the F5 this way and then navigate to the appropriate path or if you're on Linux you can scp the file off of the F5 to your local machine.
Hi Praedyth ,
Short simple and sweet
for easy access to the files and the filesystem I always rely and depend and use WINSCP to connect to the F5 boxes using approprite authority credentials for CLI root or whatsoever for SSH/SFTP/SCPDownload and Install WINSCP a very trusted tool from many years for SSH/SFTP/SCP to access f5 Filesystem from Windows machine.
WINSCP is a UNIVERSAL answer for files uploading and downloading in a DAY-to_DAY requirements.
You can search for similar other SCP/SFTP/SSH client softwares of the same category.
Its Free license and i am using it from many years, as it has many other good features which i use to organize dozens of F5 logins and easy access to F5 File systems, OS file UPload to F5 Boxes or certifictaes upload and many such filesystem task for most hassle free experience.
Here the steps that you can follow by adding F5 boxes to the WINSCP tool
After pressing Login button it wil ask me to validate the SSH keys, its showing breach as I have two F5 both in 8GB virtual VMware , and having same IP , 192.168.1.245 i run only one VM at a time, one with LTM+GTM+ASM and the 2nd with same MGMT IP LTM+GTM+APM in my personal test LAB thats why iti s showing POTENTIA SECURITY BREACH Alert, you can ignore it simply.
Add the /var/tmp by double clicking on the light blue title bar where you will see /root
Add Shared bookmarks as /var/tmp
Once added double click on the bookmarks to reach to the folder in your F5 Filesystem showing on the right side, where you saved your TCPDUMP PCAP,
Let me know if you need any further help on WINSCP secrets.
HTH
F5 Design Engineer
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com