Forum Discussion

Nimbostratus

Dec 09, 2015

TCPDump for capturing traffing between Virtual Server and Pool Members

Hi guys, glad to have this community to help me. I want to ask what is the best way to capturing traffic between my servers going to a VS and specific pool members. For example i have one ...

application delivery

LTM

Amine_Kadimi

MVP

Dec 09, 2015

Hi, Considering that F5 is a full proxy then you have two distinct client to server connections:

first is (SRC:172.16.16.100 and DST:172.16.16.1),
second is (SRC:X.X.X.X and DST:10.10.10.11 or 10.10.10.12), src depends on your SNAT configuration, if using automap then it is an F5 self IP.

So your tcpdump needs to have an "OR" to match both connections, you've set up and "AND". Something like:

tcpdump -ni 0.0 (src host 172.16.16.100 and dst host 172.16.16.1) or (dst host 10.10.10.11 or dst host 10.10.10.12)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

TCPDump for capturing traffing between Virtual Server and Pool Members

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

decrypted tcpdump capture without using an iRule and without using tshark

Tcpdump Capture

decrypted tcpdump capture without using an iRule using tshark

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS