Forum Discussion

Doran_Lum_13484's avatar
Doran_Lum_13484
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

Monitoring returning traffic

Hi all, in one of my recent incidents someone had accidentally remove a firewall rule and it had cause the returning traffic to be routed out to the Internet.

 

On the F5 I was able to see the incoming traffic coming from the firewall and through F5 and to the Application using tcpdump. I was not sure how to monitor the returning traffic.

 

I was told that on F5 BigIP version 11 I should be able to see the traffic on the dashboard. I'm not able to find such feature, could someone kindly point me to it ?

 

BIG-IP
f5

3 Replies

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Jul 23, 2014

    Hi Doran,

     

    Within Dashboard you are able to create a Custom View which allows you drag and drop certain elements such as in/out throughput.

     

    Here is oldy but goody on Dashboard (Click here)

     

    I hope this helps,

     

    -=Bhattman=-

     

  • Doran_Lum's avatar
    Doran_Lum
    Icon for Nimbostratus rankNimbostratus
    Jul 25, 2014

    Thanks, but on the dashboard and tcpdump I'm not able to troubleshoot incoming traffic and established traffic ? *Sorry I'm not a network person so I may not understand it well.

     

     

    No. Time Source Destination Protocol Length Info

     

    2 0.265084 10.0.0.1 10.0.0.2 TCP 58 10897 > 10084 [SYN] Seq=0 Win=2048 Len=0 MSS=1460

     

    3 0.265105 10.0.0.2 10.0.0.1 TCP 58 10084 > 10897 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460

     

    4 0.541458 10.0.0.2 10.0.0.1 TCP 58 10084 > lazy-ptop [SYN, ACK] Seq=0 Ack=0 Win=4380 Len=0 MSS=1460

     

    5 0.761338 10.0.0.1 10.0.0.2 TCP 58 10897 > 10084 [SYN] Seq=0 Win=2048 Len=0 MSS=1460

     

    6 0.977758 10.0.0.2 10.0.0.1 TCP 58 10084 > 15992 [SYN, ACK] Seq=0 Ack=0 Win=4380 Len=0 MSS=1460

     

    7 1.267726 10.0.0.1 10.0.0.2 TCP 58 10897 > 10084 [SYN] Seq=0 Win=2048 Len=0 MSS=1460

     

    8 1.440397 10.0.0.2 10.0.0.1 TCP 58 10084 > 31616 [SYN, ACK] Seq=0 Ack=0 Win=4380 Len=0 MSS=1460

     

    9 1.501526 10.0.0.1 10.0.0.2 TCP 58 11218 > 10084 [SYN] Seq=0 Win=2048 Len=0 MSS=1460

     

    10 1.501548 10.0.0.2 10.0.0.1 TCP 58 10084 > 11218 [SYN, ACK] Seq=0 Ack=1 Win=4380 Len=0 MSS=1460

     

    11 1.59685 10.0.0.1 10.0.0.2 TCP 58 sentinelsrm > 10084 [SYN] Seq=0 Win=2048 Len=0 MSS=1460

     

  • Doran_Lum's avatar
    Doran_Lum
    Icon for Nimbostratus rankNimbostratus
    Jul 29, 2014

    Sorry, would anyone happen to have experience in trying to see how we can monitor established connections on F5 ?