For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vinaykumar_1689's avatar
Vinaykumar_1689
Icon for Nimbostratus rankNimbostratus
Jan 19, 2017

TCPDUMP-help

I am trying to run tcpdump on LTM, I am not getting the traffic captured, there is no SNAT applied on VIP, If there is no SNAT applied, we should be able to see client's IP as source IP, when I am using clients IP in source, I am not getting any traffic hits, if SNAT is not applied then clients ip is replaced by self IP by default ? I am running following command tcpdump -nni 0.0 src host "Souce IP" and dst host "destination-ip" and dst port "PORT" when I run following command, I am getting traffic captured tcpdump -nni 0.0 dst host "destination-ip" and dst port "PORT"

 

application delivery
LTM

3 Replies

  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    Jan 19, 2017

    What is the source ip in a packet when you perform tcpdump -nni 0.0 dst host "destination-ip" and dst port "PORT"???

     

    And I you see the self ip as the source IP then your looking at health monitoring traffic in your tcpdump (or do you have snat automap enabled on the vip?)

     

    Cheers,

     

    Kees

     

  • jgranieri's avatar
    jgranieri
    Icon for Nimbostratus rankNimbostratus
    Jan 19, 2017

    if you are unsure of the pcap settings just run the tcpdump on the interface and or vlan. granted this will capture everything but at least you will know if the traffic is coming into the VS. use different tcpdumps for ingress and egress VLAN

     

    tcpdump -i VLAN_Name -s 0 -w filename.txt

     

  • Vinaykumar_1689's avatar
    Vinaykumar_1689
    Icon for Nimbostratus rankNimbostratus
    Jan 20, 2017

    Thanks for answering, I was trying on DMZ LTM, that was the reason traffic was not captured

     

    with true source IP, I tried on internal LTM, the tcpdump command works well.