Forum Discussion
tcpdump on F5
How do these tcpdump difference?
tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200.123 & tcpdump -nni host 172.16.1.37 and 172.16.20.1
tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200.123 | tcpdump -nni host 172.16.1.37 and 172.16.20.1
I want capture traffic client side and server side.
You should simply use this:
tcpdump -nni 0.0 host 192.168.1.123 and host 192.168.200.123 or host 172.16.1.37 and host 172.16.20.1
Best regards, Christophe
- Greg_Chew_31149Historic F5 Account
Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:
tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com