Forum Discussion

Nimbostratus

Dec 09, 2015

TCPDump for capturing traffing between Virtual Server and Pool Members

Hi guys, glad to have this community to help me. I want to ask what is the best way to capturing traffic between my servers going to a VS and specific pool members. For example i have one ...

application delivery

LTM

Amine_Kadimi

MVP

Dec 09, 2015

Hi, Considering that F5 is a full proxy then you have two distinct client to server connections:

first is (SRC:172.16.16.100 and DST:172.16.16.1),
second is (SRC:X.X.X.X and DST:10.10.10.11 or 10.10.10.12), src depends on your SNAT configuration, if using automap then it is an F5 self IP.

So your tcpdump needs to have an "OR" to match both connections, you've set up and "AND". Something like:

tcpdump -ni 0.0 (src host 172.16.16.100 and dst host 172.16.16.1) or (dst host 10.10.10.11 or dst host 10.10.10.12)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TCPDump for capturing traffing between Virtual Server and Pool Members

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Related Content

decrypted tcpdump capture without using an iRule and without using tshark

Tcpdump Capture

decrypted tcpdump capture without using an iRule using tshark

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS