Forum Discussion
tcpdump host filtering not working
After running a tcpdump with the -nnnp flags to capture the TMM information, subsequent tcpdumps include extraneous traffic that does not match the host filter criteria. I have tried clearing the flow information by running another dump without the -p flag on unrelated traffic as suggested here https://support.f5.com/csp/article/K13637 and here https://devcentral.f5.com/questions/tcpdump-with-snat, but I still see IPs other than what I'm filtering for in later tcpdumps using the -nnnp flags.
For example, running "tcpdump -nnvvvi 0.0:nnnp host [public_source_IP] -s0 -C200" is not just showing the connections from public_source_IP to the VIP and the corresponding back-end connections from the F5 to the server, but also connections from other public IPs and those back-end connections. I tried clearing the flows with "tcpdump -ni 0.0:nnn -s0 port 8080", which did capture some traffic, then running my capture again, no change. I've also tried some variations of that capture to clear the flows.
It seems like nothing I do can capture only the connections from my desired source IP and the corresponding back-end server connections.
Any suggestions?
- rob_carr_76748
Nimbostratus
How about switching from 0.0 to the specific external vlan your client-side connections are arriving on?
- Jimmy_L
Altostratus
Good thought, thank you, but it appears to have the same results.