F5 packet capture CLI

F5 supports packet capture with the tcpdump command. In version 10.x, F5 does not support running tcpdump in a non-default route domain.

F5 recommends that you run the tcpdump command from the default route domain (route domain 0), and specify interface 0.0 as below:

tcpdump -s0 -w /var/tmp/WOI1.pcap -fnni 0.0:nnn host x.x.x.x

Here x.x.x.x works as a filter that matches the source IP or destination IP of a packet.

In addition, F5 has a CLI tool for SSL traffic capture, which is useful for analyzing SSL traffic:

ssldump -aAden -N -r <dump file> -k <key file> >> /var/tmp/<output file>
