
Forum Discussion

clydef_16789
Sep 09, 2014

TCPdump question

Hi all, I'm looking to capture traffic between my front-end VIP and one backend server. Is the command below not correct? When I view it in Wireshark, it shows unrelated IPs and does not capture the traffic between my front-end VIP, which is on port 443, and my backend server, which is on 8081.

 

tcpdump -s0 -nni 0.0:nnn '(host 10.x.x.x) or (host 10.x.x.x )' -w /var/tmp/sg.pcap

 

1 Reply

  • BinaryCanary_19
    Historic F5 Account

    tcpdump -s0 -i0.0:nnn "host 10.x.x.x and host 10.y.y.y" -w /var/tmp/backend.cap

    You use "and" when you want to capture traffic only between two hosts. If you use "or", then you are going to capture "all" traffic involving any of the IP addresses you specify, as long as one of the communicating hosts is in the list you specified.
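
Added example, not part of the original posts: the `host A or host B` and `host A and host B` predicates from this thread, applied offline to a small pcap built inline, to show why the "or" capture contains unrelated IPs. The addresses 10.0.0.10 and 10.0.0.20, the other sample hosts, and all function names are constructed for illustration and stand in for the redacted 10.x.x.x hosts.

```python
import socket
import struct

def make_pcap(flows):
    """Build a classic little-endian pcap (Ethernet link type) from (src, dst) IPv4 pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for src, dst in flows:
        # Minimal 20-byte IPv4 header, protocol 6 (TCP), no payload.
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip  # zeroed MACs + EtherType IPv4
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def ip_pairs(pcap):
    """Return [(src, dst), ...] for every IPv4 packet in a classic pcap byte string."""
    pairs, offset = [], 24  # 24-byte global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, offset + 8)[0]
        frame = pcap[offset + 16: offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":
            pairs.append((socket.inet_ntoa(frame[26:30]),
                          socket.inet_ntoa(frame[30:34])))
    return pairs

def host_or(pairs, a, b):
    """'host a or host b': either address appears as source or destination."""
    return [p for p in pairs if a in p or b in p]

def host_and(pairs, a, b):
    """'host a and host b': both addresses appear in the same packet."""
    return [p for p in pairs if a in p and b in p]

# Constructed sample traffic: two packets between A and B, three involving other hosts.
A, B = "10.0.0.10", "10.0.0.20"
FLOWS = [(A, B), (B, A), ("10.0.0.99", A), (B, "10.0.0.77"),
         ("10.0.0.99", "10.0.0.77")]
PCAP = make_pcap(FLOWS)

if __name__ == "__main__":
    pairs = ip_pairs(PCAP)
    print("or :", host_or(pairs, A, B))
    print("and:", host_and(pairs, A, B))
```
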