For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

llTAEll_168388's avatar
llTAEll_168388
Icon for Nimbostratus rankNimbostratus
Sep 09, 2015

tcpdump on F5

How do these tcpdump difference?   tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200.123 & tcpdump -nni host 172.16.1.37 and 172.16.20.1   tcpdump -nni 0.0 host 192.168.1.123 and 192.168.200....
application delivery
LTM
management
Greg_Chew_31149's avatar
Greg_Chew_31149
Historic F5 Account
Sep 10, 2015

Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:

 

tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1