tcpdump raw packet capture

Question

Does anyone know how to perform a raw packet capture using tcpdump? I have found multiple answers online but none seem to work. When I load the capture into wireshark I still see "Packet truncated during capture".

hoolio · Answer

Hi Brian, 
&nbsp;  
&nbsp; The packets are being truncated because the default packet size capture is tiny.  You can use -s 1500 or -s 0 on LTM to capture the full packets. 
&nbsp;  
&nbsp;  
&nbsp; SOL411: Overview of packet tracing with the tcpdump utility  
&nbsp; http://support.f5.com/kb/en-us/solutions/public/0000/400/sol411.html 
&nbsp;  
&nbsp; Capturing Packet Data 
&nbsp;  
&nbsp; The tcpdump utility provides an option which allows you to specify the amount of each packet to capture. 
&nbsp;  
&nbsp; You can use the -s (snarf/snaplen) option to specify the amount of each packet to capture. To capture the entire packet, use a value of 0 (zero). For example: 
&nbsp;  
&nbsp; tcpdump -s0 src host 172.16.101.20 and dst port 80 
&nbsp;  
&nbsp;  
&nbsp; Aaron

brianokelly_119 · Answer

Hi Aaron, thanks worked a treat.

Forum Discussion

tcpdump raw packet capture

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Unblock Request WAF

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Related Content

decrypted tcpdump capture without using an iRule and without using tshark

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

Automating Packet Captures on BIG-IP

Tcpdump Capture

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS