Forum Discussion
Nimbostratusshow runtime from a packet through a BigIP
Hi Everyone,
is there a possibility to show the runtime from a packet come in the bigip on physical interface 1 to go outside on physical interface 2? Tcpdump is not running on two interfaces same time. Is there a tmsh command? Thanks in advance
Juergen
2 Replies
Henrik_GyllkranThere is a possibility of doing "tcpdump -ni 0.0" which will capture traffic on all interfaces but depending on how much traffic your BIG-IP is handling that might be risky.
IheartF5_45022Nacreous
You can narrow it down to reduce the number of packets captured
tcpdump -i0.0:nnn -s0 -w /var/tmp/pac.cap '(host c.c.c.c and host x.x.x.x and port ww) or port kk'where c.c.c.c is the IP of the client, x.x.x.x is IP of the virtual server, ww is the port of the vs
kk is port of pool memberAre you using SNAT automap? We can narrow it down even further if so ;-
tcpdump -i0.0:nnn -s0 -w /var/tmp/pac.cap '(host c.c.c.c and host x.x.x.x and port ww) or (host y.y.y.y and port kk)'where y.y.y.y is address of serverside egress floating IP
or if not using SNAT automap;-
tcpdump -i0.0:nnn -s0 -w /var/tmp/pac.cap '(host c.c.c.c and host x.x.x.x and port ww) or (host c.c.c.c and port kk)'
