Forum Discussion

jack_39736
Nov 20, 2009

tcpdump not showing all data

I have a test VIP that load balances to a single web server which I can connect to with no problem over port 80...I'm running version 10.0.1.

I turned up tcpdump to watch the traffic come in and out on the F5 and it only shows a packet or two every couple of minutes no matter how many times I refresh the browser.

I have tried this same thing for other traffic and the F5 continues not to show all traffic through tcpdump.

The F5 device is not showing any errors on the interfaces, the memory is low and so is the connection count.

Can anyone shed some light on this problem?

thanks

Jack

20 Replies

  • The tcpdump using the external host command didn't render any output at all.

    I was able, however, to get the pps throughput using NGenius and I'm at around 2000-3000 pps on the inside interface so this would probably explain why tcpdump is performing so poorly. The thing is, the F5 that I'm testing on isn't even our production box that pushes a lot more packets per second.....how do you troubleshoot this box with a broken tcpdump???

    The reason I ask is that the F5 is a fairly new deploy for me and I am starting to get calls from the Windows crew that have machines behind VIPs on this box and they want me to troubleshoot their flows and I can't.....Am I missing something here?

    jack
  • There isn't a limitation on tcpdump if you use the VLAN instead of the port number. Just make sure you're specifying the correct VLAN.

    Aaron
  • Thanks Aaron.

    This was the only way I can get it to partially work:

    tcpdump -i 1.1 vlan 4094 | grep 172.21.61.3

    and again, I'm back to the same spotty output
  • Just use the vlan name instead of the port for the interface (and remove the vlan 4094 tag):

    tcpdump -i external host 172.21.61.3 -s 0 -l

    replace external with the actual vlan name from 'b vlan list'.

    Aaron
  • THAT WORKS!

    nice..I guess I had a pps issue that needed the exact syntax as you pointed out, Aaron.

    I opened a case with F5 and they didn't provide me with any good information at all and never told me about a 200 pps limitation on tcpdump.

    thanks again for all the help.

    On another note, I really like those "b" commands that you suggested as I haven't done much with the command line.

    Is there any chance you can give me a short list of your favorite command line commands that can be useful in troubleshooting?

    thanks again

    jack
  • Glad that's working for you. In v10 you have the new tmsh and existing bigpipe commands available. These are documented in the reference guides:

    TMSH reference guide:
    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip_tmsh_refguide.html

    bigpipe reference guide:
    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/CLI_guide_943.html

    Aaron
  • Hello, I have a problem with my LTM: when I write tcpdump -ni external port xxxx I cannot see any kind of traffic passing. I tried with filters and nothing is written here .. just sometimes the dump looks good. Do you have some idea? Thank you very much, sorry my English is so bad.

  • Only with this command do I see traffic:

    tcpdump -X -vvv -nnei 1.3:nnn -s0 host X.X.X.X and port XXXX