F5 Cheat Sheet
tcpdump -i internal
tcpdump -i 1.2
tcpdump -i eth0
tcpdump -i eth0 -nn
tcpdump -i 1.1
tcpdump -i 0.0 -w /var/tmp/New-TCPDMP.pcap
tcpdump -i 0.0 -w /var/tmp/New-TCPDMP.pcap -s0
cd /var/tmp
tcpdump -i 0.0 -s0 arp -nn
tcpdump -i 0.0:p host 192.168.1.92
tcpdump -i 0.0:p host 192.168.1.101 -nn
tcpdump -i 0.0:p host 192.168.1.92 and not tcp port 22 -nn
tcpdump -i 0.0:p host 192.168.1.92 and not tcp port 443
Show Configuration
tail -f /var/log/ltm
-------
tcpdump -s0 -nn -i 0.0 -vvv -l -x host x.x.x.x and port yyy -w /tmp/outfile.cap
The traffic matching the specified filter is saved to the indicated capture file.
Useful to do
one on client side (filter on source IP)
https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html
---
This tcpdump uses the p flag (the :p suffix on the interface name, as in 0.0:p) to
capture "peer" flows when traffic is SNATed on the server side. This means you can
see the traffic from a host coming in to the F5 and going out to the load-balanced
destination in a single capture.
Traffic matching the query is saved to the capture file named after the -w. The -v
enables you to see how many packets are being captured and the -w sends the output
to a file.
-----
Example below for routing instance 2, server 192.168.1.1 over port 443.
Taking this one step further, to check that the SSL handshake is working and that
a certificate is being offered, a test can be sent to the virtual server to check
whether there is termination or pass-through. Then, if that fails, test from the F5
to the back-end server in question. This can be used in conjunction with tcpdump
and ssldump to nail the issue. The command below will again use route domain 2 and
will display the certificate that is handed out by the server.
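
One way to script the handshake test described above, as an added example that is not part of the original cheat sheet. It assumes BIG-IP's rdexec utility and openssl s_client are available on the box; the function names classify_handshake and check_tls are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not F5 tooling.

# Classify `openssl s_client` output read from stdin. Prints one line:
#   CERT <subject>  a certificate was offered by the peer
#   NOCERT          TCP connected, but no certificate was presented
#   NOCONNECT       nothing TLS-related came back (refused, timeout, ...)
classify_handshake() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
        # s_client prints the leaf certificate's subject as "subject=..."
        subject=$(printf '%s\n' "$out" | sed -n 's/^subject=//p' | head -n 1)
        printf 'CERT %s\n' "$subject"
    elif printf '%s\n' "$out" | grep -q 'no peer certificate available'; then
        printf 'NOCERT\n'
    else
        printf 'NOCONNECT\n'
    fi
}

# Run the handshake test against host:port. With a third argument the
# command is executed inside that route domain through rdexec.
#   check_tls 192.168.1.1 443 2    # back-end server in route domain 2
check_tls() {
    host=$1 port=$2 rd=${3:-}
    if [ -n "$rd" ]; then
        set -- rdexec "$rd" openssl s_client -connect "$host:$port"
    else
        set -- openssl s_client -connect "$host:$port"
    fi
    # </dev/null closes stdin so s_client exits once the handshake is done.
    "$@" </dev/null 2>&1 | classify_handshake
}
```

Run it first against the virtual server address, then against the back-end server; a CERT result on the back end but not on the virtual server points at the F5 side of the connection.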