TCPDUMP -A Option?

What does that option do?

It decodes the HTTP traffic at the shell instead of just seeing the TCP SYN/ACK/PUSH flow. Pretty nice to see the errors from the web servers, especially when configuring monitors.

Essentially, it's the same as the -X option, but without the hex dump.

 

 

The only reference I could find to the -A flag was on this page:

 
 http://openmaniak.com/tcpdump.php 
 To display the packets content: 
  
 tcpdump -A 
 Packets capture during a FTP connection. The FTP password can be easily intercepted because it is sent in clear text to the server. 
  
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode 
 listening on ath0, link-type EN10MB (Ethernet), capture size 96 bytes 
 20:53:24.872785 IP ubuntu.local.40205 > 192.168.1.2.ftp: S 4155598838:4155598838(0) win 5840 
 ....g.................... 
 ............ 
 20:53:24.879473 IP ubuntu.local.40205 > 192.168.1.2.ftp: . ack 1228937421 win 183 
 ....g.I@............. 
 ........ 
 20:53:24.881654 IP ubuntu.local.40205 > 192.168.1.2.ftp: . ack 43 win 183 
 ....g.I@.......8..... 
 ......EN 
 20:53:26.402046 IP ubuntu.local.40205 > 192.168.1.2.ftp: P 0:10(10) ack 43 win 183 
 ....g.I@......`$..... 
 ...=..ENUSER teddybear 
  
 20:53:26.403802 IP ubuntu.local.40205 > 192.168.1.2.ftp: . ack 76 win 183 
 ....h.I@............. 
 ...>..E^ 
 20:53:29.169036 IP ubuntu.local.40205 > 192.168.1.2.ftp: P 10:25(15) ack 76 win 183 
 ....h.I@......c..... 
 ......E^PASS wakeup  
 

I don't think there is an exact corollary to -A in LTM's (or most other platforms') versions of tcpdump. As you found, you can use -X, but it prints the hex along with the data. For monitor troubleshooting it can actually be better to see the hex than just the printable characters in the data. It's handy being able to differentiate between the different non-printable characters.

You could compile your own tcpdump, but this isn't supported by F5.

Aaron