Forum Discussion

Rob_Guthrie_243's avatar
Rob_Guthrie_243
Icon for Nimbostratus rankNimbostratus
Feb 02, 2016

Need to capture VLAN traffic on/through vCMP guest LTM

We have a Viprion 2200 series with several production and non-production guest LTMs (none of which are handling any production traffic yet and are connected only to a network segment for testing).

 

We are in need of capturing connections that run through the VLAN VIP of a guest LTM and to the pool on the back end. SSH into the management IP of the guest as root allows tcpdump (and to specify the VLAN): tcpdump -i VLAN-NAME. The only traffic picked up by the dump is the occasional eigrp multicast traffic hitting the outside.

 

We ping the VIP successfully and also telnet to a pool server (through the VIP) on a listening port, successfully (tcp OPEN), but none of this traffic is seen in the tcpdump capture.

 

If the capture is seeing the eigrp traffic on VLAN VLAN-NAME, and the VIP for the VLAN is reachable from the same outside client that telnets to the pool server (with the successful ping of the VIP also NOT seen in the tcpdump), what are we doing wrong vis a vis the tcpdump capture (for starters)?

 

ANY thoughts on this would be most appreciated.

 

Thanks much.

 

application delivery
BIG-IP
LTM
security
vcmp

1 Reply

Sort By
  • Chris_Grant's avatar
    Chris_Grant
    Icon for Employee rankEmployee
    Feb 02, 2016

    If you want to see both sides of the traffic, you can use: tcpdump -i 0.0

     

    0.0 captures on all VLANs and would show both sides of the traffic regardless of VLAN. Capturing to a file is also helpful, as you can then download and review in Wireshark. It will also capture traffic that may not be arriving as expected. On a production unit I would strongly suggest that you filter as narrowly as possible to avoid overwhelming the unit. You may wish to verify that you can get out from the guest to make sure that you don't have another device responding to the client.