Hi, I have a situation where tcpdump on BIG-IP only shows traffic hitting the VIP (the 3-way handshake) but nothing between the LTM <-> back end server. As a result tcpdump on firewall after the BIG-I...
Thanks for the prompt reply. What you have suggested is not something I have done yet. As I read through the article, it says to follow caution when using the "p" switch? Is it that heavy on the box to run tcpdump with that switch? In that case I might need to do it after hours maybe. Yes, the health monitors are all green. The tcpdump I did earlier was using the curl command though.
I think that practically every article on that matter will mention that you should be careful when you run tcpdump on a busy box. I don't know whether your box is busy or not, but here are some hints.
You can run tcpdump -D. This will output a list of all available interfaces. You could use the corresponding interface from the list, instead of using 0.0. Example:
Also, you should filter as precisely as possible and combine filters. In the following example I filter for host IP and port.
Also in this example I use tcpdump -n to disable name resolution of host names. Example:
tcpdump -ni external host 10.100.200.50 and port 80
And if you are really not sure whether running a tcpdump will be too heavy for your box during daytime... Yes, running it after hours might be better.