For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mikeshift4_6102's avatar
mikeshift4_6102
Icon for Nimbostratus rankNimbostratus
Apr 21, 2014

tcpdump of both sides of proxy

Is there an easy way in a single command to do a tcpdump and see the client to vip and auto-map to pool memeber side of a conversation or do i need to add the known nodes into my filter  
application delivery
LTM
management
nitass's avatar
nitass
Icon for Employee rankEmployee
Apr 22, 2014

if you are using 11.2.0 or later, you can use nnnp interface modifier as Cory suggested.

Capturing traffic with TMM information for a specific traffic flow

Beginning in BIG-IP 11.2.0, you can use the 'p' interface modifier with the 'n' modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:

tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1

Once tcpdump identifies a related flow, the flow is marked in TMM, and every subsequent packet in the flow (on both sides of the BIG-IP system) is written to the capture file.

sol13637: Capturing internal TMM information with tcpdump

http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637.html