Are you specific only to TCPDUMP or other option in F5. In TCPDUMP you can capture live packet, print on screen & store in folder for later use.
Ex:
tcpdump -nni 0.0:nnn -s0 host x.x.x.x and host y.y.y.y
it will show packet on screen.
@
tmsh show sys connection
is the basic starting point, but if that's all you specify, you'll see all the connections - which is probably much more output than you want. You need to specify additional information about the endpoints you care about if you want to limit the output.
cs-client-addr - the (client) source IP address on the clientside of the connection
cs-client-port - the (client) source port on the clientside of the connection
cs-server-addr - the (server) destination IP address on the clientside of the connection (i.e. the Virtual Server IP address)
cs-server-port - the (server) destination port on the clientside of the connection (i.e. the Virtual Server port)
ss-client-addr - the (client) source IP address on the serverside of the connection (i.e. the SNAT address)
ss-client-port - the (client) source port on the serverside of the connection (i.e. the SNAT port)
ss-server-addr - the (server) destination IP address on the serverside of the connection (i.e., the Pool Member address)
ss-server-port - the (server) destination port on the serverside of the connection (i.e., the Pool Member port)
You can mix/match these options as necessary to isolate the connections you are interested in. The more pieces of information you specify, the narrower your focus will be, and the smaller your output will become. So for example, this command would show me all connections from client 100.1.1.1, to any Virtual Server assigned address 10.1.1.0, that were load-balanced to Pool Member 192.168.1.1:9999:
tmsh show sys conn cs-client-addr 110.x.x.x1 cs-server-addr 11.x.x.0 ss-server-addr 192.168.x.x ss-server-port 9090