tcpdump on LTM
I am trying to capture traffic of communications between clients and servers. I currently have the syntax of my tcpdump commands worked out to what I want. But when I try to save it to a file type, export it off the LTM, and open it in Wireshark for analysis, I get the following error: "The file "test.pcap" isn't a capture file in a format Wireshark understands." I receive this error from other file types as well.
Is there a standard file type I should use? After I finish posting this I am going to try this with .bin instead of .pcap or its variants.
2 Replies
- Mohanraj82_1982
Nimbostratus
Try using the format below:
tcpdump -ni eth0 -s0 -w /var/tmp/capture.pcap
- nitass
Employee
> when I try to save it to a file type and export it off the LTM and try to open it in wireshark for analysis, I get the following error. "The file "test.pcap" isn't a capture file in a format Wireshark understands."

What tcpdump command did you use? Was it with the -w option?

> -w Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is "-". When writing packets in this manner, the first packet in the file will be a pseudo packet indicating the command line used to run tcpdump and some system information. This pseudo packet is not counted in the packets captured summary information nor when limiting the length of the capture with the -c option.
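
Wireshark recognizes a capture by the magic number in its first four bytes, not by the file extension, so checking those bytes shows whether the exported file holds raw packets or something else (for example tcpdump's printed text). The script below is an added example, not part of the original thread; the function name `pcap_kind` and the labels it prints are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify a capture file by its leading bytes.
# pcap_kind and its output labels are hypothetical names for this sketch.
pcap_kind() {
    f=$1
    [ -r "$f" ] || { echo "unreadable"; return 2; }
    # First four bytes as lowercase hex without separators.
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap" ;;      # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo "pcap-ns" ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          echo "pcapng" ;;
        "")                echo "empty"; return 1 ;;
        *)
            # Count bytes in the first 64 that are neither printable nor whitespace.
            # Zero means the file starts with text, e.g. tcpdump output that was
            # redirected with '>' instead of being written with -w.
            nonprint=$(head -c 64 "$f" | LC_ALL=C tr -d '[:print:][:space:]' | wc -c | tr -d ' ')
            if [ "$nonprint" -eq 0 ]; then
                echo "text"
            else
                echo "unknown"
            fi
            return 1 ;;
    esac
}

# Stand-alone use: sh pcap_kind.sh /var/tmp/capture.pcap
if [ "$#" -gt 0 ]; then
    pcap_kind "$1"
fi
```

A result of `text` means the file contains printed packet summaries rather than raw packets; `unknown` or `empty` points at a truncated or altered file, in which case comparing a checksum of the file on the LTM and on the workstation shows whether the transfer changed it.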