Thursday, 8 August 2019

TCP dump



https://devcentral.f5.com/wiki/advdesignconfig.troubleshootingltmmonitors.ashx



We can use tcpdump to see what the monitor sends to the pool member and what response the pool member returns. We use some specific flags to configure the output:



-nn - don't attempt to convert IP addresses to hostnames or ports to service names

-X - print hex and ascii output

-s0 - don't limit the snap length (packet size) captured



tcpdump -nni 0.0 -X -s0 host 10.x.x.1 and port 80 and host 10.x.x.2 -w test.pcap







To filter the traffic, we use the pool member IP address, port and the non-floating self IP that the monitor requests will be sent from.



===========================================================



To take the source, VIP and pool members into account



 If

============================



Source : 1.1.1.1 port 1111

VIP: 2.2.2.2

Pool Members: 3.3.3.3 and 4.4.4.4 port 12345



Then

=============================

 tcpdump -nni 0.0:nnn -s0 -C 10 -W 100 -w /var/tmp/tcpdump.pcap  '( host 1.1.1.1 or host 2.2.2.2 and port 1111) or ((host 3.3.3.3 or host 4.4.4.4 ) and port 12345)'  -vvv
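
In a pcap filter, "and" and "or" have equal precedence and associate left to right, so the first group above is evaluated as (host 1.1.1.1 or host 2.2.2.2) and port 1111. The following added example, which is not part of the original post, builds the same filter for any number of pool members with every group explicitly parenthesised; the function names build_filter, is_ipv4 and is_port are hypothetical helpers.

```shell
#!/bin/sh
# Added example (not from the original post): build the capture filter with
# every group parenthesised, validating each address and port first.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeed only for a decimal port number 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_filter CLIENT_IP CLIENT_PORT VIP POOL_PORT MEMBER...
# Prints the filter on stdout; returns non-zero on bad input so that a
# malformed value never reaches the tcpdump command line.
build_filter() {
    if [ "$#" -lt 5 ]; then
        echo "usage: build_filter CLIENT_IP CLIENT_PORT VIP POOL_PORT MEMBER..." >&2
        return 2
    fi
    client=$1 cport=$2 vip=$3 pport=$4
    shift 4
    is_ipv4 "$client" && is_ipv4 "$vip" || return 1
    is_port "$cport" && is_port "$pport" || return 1
    members=
    for m in "$@"; do
        is_ipv4 "$m" || return 1
        members="${members:+$members or }host $m"
    done
    printf '((host %s or host %s) and port %s) or ((%s) and port %s)\n' \
        "$client" "$vip" "$cport" "$members" "$pport"
}
```

The output can be passed as the filter argument, for example: tcpdump -nni 0.0:nnn -s0 -C 10 -W 100 -w /var/tmp/tcpdump.pcap "$(build_filter 1.1.1.1 1111 2.2.2.2 12345 3.3.3.3 4.4.4.4)"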

 
