Tracking connection from to point

You should be able to obtain that information by using tcpdump. What is the tcpdump command that you are using ?

 

You can also use iRule to log the connection and HSL.

 

Use this irule to log connection from the client through the node :

when SERVER_CONNECTED {
   This logs information about the TCP connections on *both* sides of the full proxy
  set client_remote "[IP::client_addr]:[TCP::client_port]"
  set client_local  "[IP::local_addr clientside]:[TCP::local_port clientside]"
  set server_local  "[IP::local_addr]:[TCP::local_port]"
  set server_remote "[IP::server_addr]:[TCP::server_port]"
  log local0. "Got connection: Client($client_remote)<->($client_local)LTM($server_local)<->($server_remote)Server"
}

you can also use the following command to view which client is connected to which node:

tmsh show sys conn cs-client-addr  cs-server-addr 

Capturing traffic with TMM information for a specific traffic flow

 

Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:

 

tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1

 

Once tcpdump identifies a related flow, the flow is marked in TMM, and every subsequent packet in the flow (on both sides of the BIG-IP system) is written to the capture file.

 

 

Regards,

 

Mohammed