Manual Chapter : tcpdump overview

Applies To:

F5OS-A

  • 1.7.0, 1.5.2, 1.5.1, 1.5.0, 1.4.0, 1.3.2, 1.3.1, 1.3.0

tcpdump overview

If you need to debug traffic issues, you can use the tcpdump utility to capture traffic from F5 rSeries systems. You can then save the captured traffic as a file that can be analyzed to help troubleshoot network issues.

Generate a tcpdump from the CLI

You can use the tcpdump utility to capture traffic. You can then save the captured traffic as a file that can be analyzed to help troubleshoot network issues.
  1. Connect using SSH to the management IP address.
  2. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. Generate a tcpdump.
    system diagnostics tcpdump
    These options are available to use with this command:
    Option: -i | interface
      Description: Specifies the interface on which to capture packets. Omit or specify 0/0.0 to indicate all interfaces.
      Example: This example captures traffic on interface 1.0 on blade number 2:
        system diagnostics tcpdump interface 2/1.0
    Option: -w | outfile
      Description: Specifies the pcap file to write the captured packets.
      Example: This example sends the output to a specified directory:
        system diagnostics tcpdump outfile <file-name>.pcap
    Option: bpf
      Description: Specifies the Berkeley packet filter (BPF) expression for tcpdump. This option uses standard BPF syntax.
      Example: This example captures traffic where the source IP address is 192.0.2.0 and the destination port is 80:
        system diagnostics tcpdump bpf "src host 192.0.2.0 and dst port 80"
    The system supports the use of standard tcpdump options. For more information, see www.tcpdump.org/manpages/tcpdump.1.html.
Next you can view the file from the CLI or download the file from the webUI.

Manage tcpdump files from the CLI

You can view and export tcpdump files from the CLI.
  1. Connect using SSH to the management IP address.
  2. Log in to the command line interface (CLI) of the system using an account with admin access.
    When you log in to the system, you are in user (operational) mode.
  3. View a list of tcpdump files on the system.
    file list diags/shared/tcpdump/<file-name>
    This example displays the contents of a file named testfile:
    default-1# file list diags/shared/tcpdump/testfile.pcap
  4. Export a tcpdump file to an external server.
    file export insecure local-file <local-file-path> protocol [ https | scp | sftp ] remote-file <remote-file-path> remote-host <ip-address-or-fqdn> remote-port <port-number> ] remote-url <ip-address-or-fqdn> username <user> web-token <remote-system-token>
    This example exports a file named testfile.pcap to a specified server:
    default-1# file export local-file diags/shared/tcpdump/testfile.pcap remote-host files.company.com remote-file home/jdoe/testfile.pcap username jdoe
    Value for 'password' (<string>): *********
    result File transfer is initiated.(diags/shared/tcpdump/testfile.pcap)
  5. Check the file transfer status.
    file transfer-status
    This example shows the status of all recent file transfers:
    default-1# file transfer-status file transfer-status
    result
    S.No.|Operation  |Protocol|Local File Path                    |Remote Host       |Remote File Path |Status     |Time
    1    |Export file|HTTPS   |diags/shared/tcpdump/testfile.pcap |files.company.com |/home/jdoe       | Completed |Wed Jul 13 21:02:24 2022
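
The following is an added example, not part of the F5 documentation: a Python check that parses file transfer-status output in the format shown above and flags tcpdump exports that went to a destination outside an approved list or did not complete. The allowlist, sample rows 2-4, and the "Failed" status string are constructed for illustration; only row 1 comes from this page.

```python
# Added example: audit `file transfer-status` output for tcpdump exports.
# ALLOWED_HOSTS, sample rows 2-4 and the "Failed" status are constructed.
ALLOWED_HOSTS = {"files.company.com"}   # assumption: approved capture destinations
CAPTURE_DIR = "diags/shared/tcpdump/"   # capture directory used on this page

SAMPLE_OUTPUT = """\
S.No.|Operation  |Protocol|Local File Path                   |Remote Host      |Remote File Path|Status   |Time
1    |Export file|HTTPS   |diags/shared/tcpdump/testfile.pcap|files.company.com|/home/jdoe      |Completed|Wed Jul 13 21:02:24 2022
2    |Export file|SCP     |diags/shared/tcpdump/edge.pcap    |203.0.113.50     |/tmp            |Completed|Wed Jul 13 21:10:02 2022
3    |Export file|HTTPS   |diags/shared/tcpdump/lb.pcap      |files.company.com|/home/jdoe      |Failed   |Wed Jul 13 21:12:40 2022
4    |Export file|HTTPS   |diags/shared/notes.txt            |203.0.113.50     |/tmp            |Completed|Wed Jul 13 21:20:11 2022
"""


def parse_transfer_status(text):
    """Return one dict per table row, keyed by the header cell names."""
    header, rows = None, []
    for line in text.splitlines():
        if "|" not in line:
            continue  # prompt, echoed command and the 'result' line
        cells = [c.strip() for c in line.split("|")]
        if header is None:
            header = cells
        elif len(cells) != len(header):
            raise ValueError(f"unexpected column count: {line!r}")
        else:
            rows.append(dict(zip(header, cells)))
    return rows


def audit_capture_exports(rows, allowed_hosts=ALLOWED_HOSTS):
    """Flag exported captures sent off the allowlist or not completed."""
    findings = []
    for r in rows:
        is_export = r["Operation"].lower().startswith("export")
        if not (is_export and r["Local File Path"].startswith(CAPTURE_DIR)):
            continue  # only exported packet captures are in scope
        if r["Remote Host"].lower() not in allowed_hosts:
            findings.append((r["S.No."], "unapproved destination", r["Remote Host"]))
        if r["Status"] != "Completed":
            findings.append((r["S.No."], "export not completed", r["Status"]))
    return findings


if __name__ == "__main__":
    for finding in audit_capture_exports(parse_transfer_status(SAMPLE_OUTPUT)):
        print(*finding, sep=" | ")
```

Packet captures can contain credentials and session data, so a check like this is most useful when run against the status output after every export.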

Manage tcpdump files from the webUI

You can use File Utilities from the webUI to export or download tcpdump files from the system. All file transfers are done using the HTTPS protocol.
  1. Log in to the webUI using an account with admin access.
  2. On the left, click SYSTEM SETTINGS > File Utilities.
  3. From the Base Directory list, select diags/shared/.
  4. Under diags/shared, select tcpdump.
  5. If you want to export a tcpdump file to an external server:
    1. Select the tcpdump file and click Export.
    2. In the popup, enter the Server URL for where to export the file.
    3. Provide the Username and Password only if required by the remote host.
    4. Select Ignore Certificate Warnings if you want to skip warnings when importing files.
    5. Click Export File to begin the export.
  6. If you want to download the tcpdump file to your local workstation:
    1. Select the tcpdump file and click Download.
      The selected file will be downloaded.
In the File Transfer Status area, you can view the status of a file transfer operation to view its progress and see if it was successful. If an operation fails, hover over the warning icon to see the error that occurred.
A runtime error displays in the File Transfer Status area if an invalid operation is performed.