For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

falooda_281506's avatar
falooda_281506
Icon for Nimbostratus rankNimbostratus
Aug 30, 2016

tcpdump

What is the syntax for running a TCPdump.. I want to run a tcpdump on my LTM to identify SSL errors from client to server.   Would I run the following:   tcpdump src host x.x.x.x   How would...
BIG-IP
security
TMSH
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Aug 30, 2016

Parameters to tcpdump are the same as any other Linux system. Because it's just a red-hat tcpdump at the base of it.

Normally I'd use something like

tcpdump -i  -nn -e xx.xx.xx.xx and port 443

or similar.

However if your'e diagnosing SSL errors, then using ssldump may be of more use. ssldump accepts the same filter (The 'xx.xx.xx.xx and port 443' part) but you can give it the SSL certs being used at the server end (Which you have access to if you're running it on the same BigIP that's doing the SSL offloading) and then it will not only tell you the steps in the protocol, but will also decode any encrypted traffic as well.

There's an ssldump solution note available -> Overview of packet tracing with the ssldump utility