TCPDUMP-help

Question

I am trying to run tcpdump on LTM, I am not getting the traffic captured, there is no SNAT applied on VIP, If there is no SNAT applied, we should be able to see client's IP as source IP, when I am using 
clients IP in source, I am not getting any traffic hits, if SNAT is not applied then clients ip is replaced by self IP by default ? I am running following command
tcpdump -nni 0.0 src host "Souce IP" and dst host "destination-ip" and dst port "PORT"
when I run following command, I am getting traffic captured
tcpdump -nni 0.0 dst host "destination-ip" and dst port "PORT"&nbsp;

keesvandenbos · Answer

What is the source ip in a packet when you perform tcpdump -nni 0.0 dst host "destination-ip" and dst port "PORT"???&nbsp;
And I you see the self ip as the source IP then your looking at health monitoring traffic in your tcpdump (or do you have snat automap enabled on the vip?)&nbsp;
Cheers,&nbsp;
Kees&nbsp;

jgranieri · Answer

if you are unsure of the pcap settings just run the tcpdump on the interface and or vlan.  granted this will capture everything but at least you will know if the traffic is coming into the VS.   use different tcpdumps for ingress and egress VLAN&nbsp;
tcpdump -i VLAN_Name -s 0 -w filename.txt &nbsp;

vinaykumar_1689 · Answer

Thanks for answering, I was trying on DMZ LTM, that was the reason  traffic was not captured&nbsp;
with true source IP, I tried on internal LTM, the tcpdump command works well.&nbsp;

Forum Discussion

TCPDUMP-help

3 Replies

Recent Discussions

google autenticator broken barcode

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Related Content

Need help deciphering this tcpdump / resets from F5

Re: Running Wireshark captures from F5 BIG-IP

Run tcpdump on event

Clone Pool Across L3

Re: Replacing a DNS Server with F5 BIG-IP DNS