NimbostratusPcap and accessing /var/tmp
Hello!
I'm pretty new to F5 and I'm running into an issue navigating the CLI. basically I've ssh'd into a F5 device through a jumpbox and all I'm trying to do is get a pcap and save it on the device one the /var/tmp but I can't seem to navigate too /var/tmp to make sure the file was saved. I'm at the (/common) tmos: directory when I run the tcpdump -nni 0.0 -w /var/tmp/packet.pcap command. It works fine and does the capture but I just can't seem to navigate too it. Every command I try like "find" give me a syntax error.
If anyone could give me a hand that would be incredible!
Linux my friend! Make sure you are in bash shell. You may need to escape TMOS via run /util bash command. Then cd into directory and ls:
- cd /var/tmp
- ls
Now, a "hack" to easily retrieve files via GUI is to copy or move them into /var/local/ucs and navigate via System -> Archives in GUI and download.
- cp /var/tmp/packet.pcap /var/local/ucs/packet.pcap.ucs
Just rename it back after download.
Praedyth Because you are most likely in TMOS you cannot see the Linux file structure from here. Assuming your user has access to the Linux OS you would issue the command "bash" which will dump you into the Linux side of the OS and then you can navigate to the appropriate directory by using command "cd /var/tmp/" and then you can do an "ls -l | grep ".pcap" to find all your pcaps. Once you're done you can type "exit" which will dump you back to TMOS and then you can type "quit" which will log you out of the F5 all together. If your intent is to copy the file off you can use winSCP for Windows based OS and connect to the F5 this way and then navigate to the appropriate path or if you're on Linux you can scp the file off of the F5 to your local machine.
