tcpdump not capturing server-side traffic when http/2 is used

Hi,

I am trying to debug an issue we have and tried to make a packet capture with the -p option to also capture server-side traffic, but I only see servers-side packets for some flows. I have used the following tcpdump options:

tcpdump -nnvi 0.0:nnnp -s0 host <virtual IP>

What I did notice in the capture is that for the flows were I only have client-side packets it looks like the user is using HTTP/2:

TLSv1.2 Record Layer: Application Data Protocol: http2

While for the flows I have both client and server-side, it is showing:

TLSv1.2 Record Layer: Application Data Protocol: http-over-tls

Is this a known issue when using HTTP/2 profiles?

We are running version 12.1.5.2.

application delivery

BIG-IP

LTM

Forum Discussion

tcpdump not capturing server-side traffic when http/2 is used

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Tcpdump Capture

decrypted tcpdump capture without using an iRule using tshark

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

Automating Packet Captures on BIG-IP