How to differentiate SYN packet from monitoring traffic and actual application traffic ?

Question

Hi All,&nbsp;
I am trying to investigate a monitor flap issue.&nbsp;
Monitor used is tcp_half_open&nbsp;
SNAT automap is being used on VS.&nbsp;
Packet capture during issue is around 200 MB.&nbsp;
Checking the capture file i see lot of SYN packets, is there any way i can identify the specific monitoring traffic ?&nbsp;

ryannnnnnnnn · Answer

Wouldn't the monitor traffic be coming from the self ip addresses, whereas client traffic would be coming from the SNAT ip address(es)?&nbsp;

Forum Discussion

How to differentiate SYN packet from monitoring traffic and actual application traffic ?

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

Monitoring TCP Applications #01

Differentiating between the BIG-IP data plane and control plane

Application Programming Interface (API) Authentication types simplified

Enhanced Modern Applications and MicroServices SSO with NGINX

Secure Modern Applications and MicroServices SSO with NGINX