Tracking LB client & server session

Question

Is there any options in TCPDump command to track end-to-end LB session i.e, client to LB &amp; LB to backend servers. Iam trying the below command which display the connections from client IP to LB virtual IP.&nbsp;
tcpdump -nnn -s0 -i  -n host  and port 443&nbsp;
We have a SNAT pool configured with 3 IPs and these IPs establish session with the backend servers. There are lot of connections going when I traced the SNAT IPs and unable to find out which one belongs to the client IP which Iam looking for. Can someone throw some light on this?&nbsp;

samir_jha_52506 · Answer

TCPDump is best option to check number live connection, But every time you can't run TCPDump on LB.
Below command will help you to session on LB.
b virtual  show
b pool  show

what_lies_bene1 · Answer

This is of course the downside of SNAT and more generally PAT. Assuming you can't easily design the SNAT out of the equation you'll need to check the connection table, find out how the client has been SNATted and create your tcpdump filter based on that. To make it easier you probably want to do this in two different terminal windows.
So, view the connection table with tmsh show sys conn ... - you can filter by address but sorry I can't remember the syntax, just use ? to bring up the options
Then use tcpdump as follows; tcpdump -i 0.0 -nn -s0 'host real_client_ip or (host snat_ip and port snat_port)

Forum Discussion

Tracking LB client & server session

2 Replies

Recent Discussions

Geo Fence in ASM through irule for URI

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

The BIG-IP Application Security Manager Part 9: Username and Session Awareness Tracking

Link Tracking

APM - Track clicks on webtop resources

Agility sessions announced

iRule based RADIUS Client Stack