from this sol: http://support.f5.com/kb/en-us/solutions/public/13000/600/sol13637.html
Beginning in BIG-IP 11.2.0, you can use the p interface modifier with the n modifier to capture traffic with TMM information for a specific flow, and its related peer flow. The p modifier allows you to capture a specific traffic flow through the BIG-IP system from end to end, even when the configuration uses a Secure Network Address Translation (SNAT) or OneConnect. For example, the following command searches for traffic to or from client 10.0.0.1 on interface 0.0:
tcpdump -ni 0.0:nnnp -s0 -c 100000 -w /var/tmp/capture.dmp host 10.0.0.1
remember though that there is a limit on packet captures on interface, which i assume also goes for 0.0
see sol: http://support.f5.com/kb/en-us/solutions/public/6000/500/sol6546.html
Limitations
Running tcpdump on a switch interface is rate-limited to 200 packets per second. Therefore, if you run tcpdump on an interface that is processing more than 200 packets per second, the captured tcpdump file does not include all of the packets.
For example, the following command captures PVA-accelerated traffic, but the syntax results in a rate limit of 200 packets per second:
tcpdump -ni