tcpdump on F5

Question

How do these tcpdump difference?&nbsp;
tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200.123 &amp; tcpdump -nni host 172.16.1.37 and 172.16.20.1&nbsp;
tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200.123 | tcpdump -nni host 172.16.1.37 and 172.16.20.1&nbsp;
I want capture traffic client side and server side.&nbsp;

christophe_lem2 · Answer

You should simply use this:&nbsp;
tcpdump -nni 0.0 host 192.168.1.123 and host 192.168.200.123 or host 172.16.1.37 and host 172.16.20.1&nbsp;
Best regards,
Christophe&nbsp;

greg_chew_31149 · Answer

Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:&nbsp;
tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1&nbsp;

Forum Discussion

tcpdump on F5

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

ltm log entries when starting and stopping tcpdump

Tcpdump and ping

tcpdump

tcpdump

TCPDUMP OUTPUT

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS