F5 offers the capacity for packet capture by use of tcpdump command. In version 10.x, F5 doesn’t support you to perform tcpdump in the non-default route domain.
F5 recommends that you run the tcpdump command from the default route domain (route domain 0), and specify interface 0.0 as below:
tcpdump -s0 -w /var/tmp/WOI1.pcap -fnni 0.0:nnn host x.x.x.x (x.x.x.x works as a filter which match the source IP or destination IP of a packet)
In addition, F5 has a CLI for SSL traffic capture which is good for the analysis of SSL traffic
ssldump -aAden -N -r <dump file> -k <key file> >> /var/tmp/<output file>