Forum Discussion

Praedyth's avatar
Praedyth
Icon for Nimbostratus rankNimbostratus
Jun 07, 2023
Solved

Pcap and accessing /var/tmp

Hello!  I'm pretty new to F5 and I'm running into an issue navigating the CLI. basically I've ssh'd into a F5 device through a jumpbox and all I'm trying to do is get a pcap and save it on the devic...
cloud
devops
  • whisperer's avatar
    whisperer
    Jun 07, 2023

    Linux my friend! Make sure you are in bash shell. You may need to escape TMOS via run /util bash command. Then cd into directory and ls:

    - cd /var/tmp

    - ls

    Now, a "hack" to easily retrieve files via GUI is to copy or move them into /var/local/ucs and navigate via System -> Archives in GUI and download.

    - cp /var/tmp/packet.pcap /var/local/ucs/packet.pcap.ucs

    Just rename it back after download.

     

  • Paulius's avatar
    Paulius
    Jun 07, 2023

    Praedyth Because you are most likely in TMOS you cannot see the Linux file structure from here. Assuming your user has access to the Linux OS you would issue the command "bash" which will dump you into the Linux side of the OS and then you can navigate to the appropriate directory by using command "cd /var/tmp/" and then you can do an "ls -l | grep ".pcap" to find all your pcaps. Once you're done you can type "exit" which will dump you back to TMOS and then you can type "quit" which will log you out of the F5 all together. If your intent is to copy the file off you can use winSCP for Windows based OS and connect to the F5 this way and then navigate to the appropriate path or if you're on Linux you can scp the file off of the F5 to your local machine.

F5_Design_Engineer's avatar
F5_Design_Engineer
Icon for MVP rankMVP
Jun 09, 2023

Hi Praedyth ,

 

Short simple and sweet
for easy access to the files and the filesystem I always rely and depend and use WINSCP to connect to the F5 boxes using approprite authority credentials for CLI root or whatsoever for SSH/SFTP/SCP 

Download and Install WINSCP a very trusted tool from many years for SSH/SFTP/SCP to access f5 Filesystem from Windows machine.

WINSCP is a UNIVERSAL answer for files uploading and downloading in a DAY-to_DAY requirements.

You can search for similar other SCP/SFTP/SSH client softwares of the same category.

Its Free license and i am using it from many years, as it has many other good features which i use to organize dozens of F5 logins and easy access to F5 File systems, OS file UPload to F5 Boxes or certifictaes upload and many such filesystem task for most hassle free experience.

 

Here the steps that you can follow by adding F5 boxes to the WINSCP tool

After pressing Login button it wil ask me to validate the SSH keys, its showing breach as I have two F5 both in 8GB virtual VMware , and having same IP , 192.168.1.245 i run only one VM at a time, one with LTM+GTM+ASM and the 2nd with same MGMT IP  LTM+GTM+APM  in my personal test LAB thats why iti s showing POTENTIA SECURITY BREACH Alert, you can ignore it simply.

 

 

Add the /var/tmp by double clicking on the light blue title bar where you will see /root

 

Add Shared bookmarks as /var/tmp

Once added double click on the bookmarks to reach to the folder in your F5 Filesystem showing on the right side, where you saved your TCPDUMP PCAP, 

 

 

Let me know if you need any further help on WINSCP secrets.

HTH

F5 Design Engineer