F5 Logo MyF5
Search
  1. MyF5 Home
  2. F5 rSeries Systems: Supportability
  3. tcpdump overview
Manual Chapter : tcpdump overview

Applies To:

Show Versions Show Versions

F5OS-A

  • 1.7.0, 1.5.2, 1.5.1, 1.5.0, 1.4.0, 1.3.2, 1.3.1, 1.3.0
Manual Chapter

tcpdump overview

If you need to debug traffic issues, you can use the
tcpdump
 utility to capture traffic from
F5 rSeries systems
. You can then save the captured traffic as a file that can be analyzed to help troubleshoot network issues.

Generate a tcpdump from the CLI

You can use the
tcpdump
 utility to capture traffic. You can then save the captured traffic as a file that can be analyzed to help troubleshoot network issues.
  1. Connect using SSH to the management IP address.
  2. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Generate a tcpdump.
    system diagnostics tcpdump
    These options are available to use with this command:
    Option
    Description
    Example
    -i | interface
    Specifies the interface on which to capture packets. Omit or specify
    0/0.0
     to indicate all interfaces.
    This example captures traffic on interface 1.0 on blade number 2:
    system diagnostics tcpdump interface 2/1.0
    -w | outfile
    Specifies the pcap file to write the captured packets.
    This example sends the output to a specified directory:
    system diagnostics tcpdump outfile <
    file-name
    >.pcap
    bpf
    Specifies the Berkeley packet filter (BPF) expression for tcpdump. This option uses standard BPF syntax.
    This example captures traffic where the source IP address is 192.0.2.0 and the destination port is 80:
    system diagnostics tcpdump bpf "src host 192.0.2.0 and dst port 80"
    The system supports the use of standard tcpdump options. For more information, see www.tcpdump.org/manpages/tcpdump.1.html.
Next you can view the file from the CLI or download the file from the webUI.

Manage tcpdump files from the CLI

You can view and export tcpdump files from the CLI.
  1. Connect using SSH to the management IP address.
  2. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. View a list of tcpdump files on the system.
    file list diags/shared/tcpdump<
    file-name
    >
    This example displays the contents of a file named testfile:
    default-1# file list diags/share/tcpdump/testfile.pcap
  4. Export a tcpdump file to an external server.
    file export insecure local-file <
    local-file-path
    > protocol [ https | scp | sftp ] remote-file <
    remote-file-path
    > remote-host <
    ip-address-or-fqdn
    > remote-port <
    port-number
    > ] remote-url <
    ip-address-or-fqdn
    > username <
    user
    > web-token <
    remote-system-token
    >
    This example exports a file named testfile.pcap to a specified server:
    default-1# file export local-file diags/shared/tcpdump/testfile.pcap remote-host 
  files.company.com remote-file home/jdoe/testfile.pcap username jdoe
Value for 'password' (<string>): *********
result File transfer is initiated.(diags/shared/tcpdump/testfile.pcap)
  5. Check the file transfer status.
    file transfer-status
    This example shows the status of all recent file transfers:
    default-1# file transfer-status
file transfer-status
result
S.No.|Operation  |Protocol|Local File Path                    |Remote Host       |Remote File Path |Status     |Time
1    |Export file|HTTPS   |diags/shared/tcpdump/testfile.pcap |files.company.com |/home/jdoe       | Completed |Wed Jul 13 21:02:24 2022

Manage tcpdump files from the webUI

You can use File Utilities from the webUI to export or download tcpdump files from the system. All file transfers are done using the HTTPS protocol.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click
    SYSTEM SETTINGS
    File Utilities
    .
  3. From the
    Base Directory
     list, select
    diags/shared/
    .
  4. Under
    diags/shared
    , select
    tcpdump
    .
  5. If you want to export a tcpdump file to an external server:
    1. Select the tcpdump file and click
      Export
      .
    2. In the popup, enter the
      Server URL
       for where to export the file.
    3. Provide the
      Username
       and
      Password
       only if required by the remote host.
    4. Select
      Ignore Certificate Warnings
       if you want to skip warnings when importing files.
    5. Click
      Export File
       to begin the export.
  6. If you want to download the tcpdump file to your local workstation:
    1. Select the tcpdump file and click
      Download
      .
      The selected file will be downloaded.
In the File Transfer Status area, you can view the status of a file transfer operation to view its progress and see if it was successful. If an operation fails, hover over the warning icon to see the error that occurred.
A runtime error displays in the File Transfer Status area if an invalid operation is performed.
Contact Support Contact Support

Have a Question?

Support and Sales >

About F5

Education

F5 Sites

Support Tasks




©2023 F5, Inc. All rights reserved.


Trademarks Policies Privacy California Privacy Do Not Sell My Personal Information