Manual Chapter : Overview: tcpdump

Applies To:

  • F5OS-A

    2.0.0

Overview: tcpdump

If you need to debug traffic issues, you can use the tcpdump utility to capture traffic from F5 rSeries systems. You can then save the captured traffic as a file that can be analyzed to help troubleshoot network issues.

  1. Connect using SSH to the management IP address.

  2. Log in to the command line interface (CLI) of the system using an account with admin access.

    When you log in to the system, you are in user (operational) mode.

  3. Generate a tcpdump.

    system diagnostics tcpdump

    These options are available to use with this command:

    Option: -i | interface
    Description: Specifies the interface on which to capture packets. Omit or specify 0/0.0 to indicate all interfaces.
    Example: This example captures traffic on interface 1.0 on blade number 2: system diagnostics tcpdump interface 2/1.0

    Option: -w | outfile
    Description: Specifies the pcap file to write the captured packets.
    Example: This example sends the output to a specified directory: system diagnostics tcpdump outfile <file-name>.pcap

    Option: bpf
    Description: Specifies the Berkeley packet filter (BPF) expression for tcpdump. This option uses standard BPF syntax.
    Example: This example captures traffic where the source IP address is 192.0.2.0 and the destination port is 80: system diagnostics tcpdump bpf "src host 192.0.2.0 and dst port 80"

Note: The system supports the use of standard tcpdump options. For more information, see www.tcpdump.org/manpages/tcpdump.1.html.

Next, you can view the file from the CLI or download it from the webUI.

You can view and export tcpdump files from the CLI.

  1. Connect using SSH to the management IP address.

  2. Log in to the command line interface (CLI) of the system using an account with admin access.

    When you log in to the system, you are in user (operational) mode.

  3. View a list of tcpdump files on the system.

    file list diags/shared/tcpdump/<file-name>

    This example displays the contents of a file named testfile:

    default-1# file list diags/shared/tcpdump/testfile.pcap

  4. Export a tcpdump file to an external server.

    file export insecure local-file <local-file-path> protocol [ https | scp | sftp ] remote-file <remote-file-path> remote-host <ip-address-or-fqdn> [ remote-port <port-number> ] remote-url <ip-address-or-fqdn> username <user> web-token <remote-system-token>

    This example exports a file named testfile.pcap to a specified server:

    default-1# file export local-file diags/shared/tcpdump/testfile.pcap remote-host 
      files.company.com remote-file home/jdoe/testfile.pcap username jdoe
    Value for 'password' (<string>): *********
    result File transfer is initiated.(diags/shared/tcpdump/testfile.pcap)

  5. Check the file transfer status.

    file transfer-status

    This example shows the status of all recent file transfers:

    default-1# file transfer-status
    file transfer-status
    result
    S.No.|Operation  |Protocol|Local File Path                    |Remote Host       |Remote File Path |Status     |Time
    1    |Export file|HTTPS   |diags/shared/tcpdump/testfile.pcap |files.company.com |/home/jdoe       | Completed |Wed Jul 13 21:02:24 2022
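
When captures are exported in bulk, the status check in step 5 can be scripted on the workstation that collected the CLI output. The following is an added example, not F5 code: it assumes the table layout shown in step 5, its function names are chosen here, and the second sample row with its "In Progress" status text is constructed.

```python
from datetime import datetime

# Constructed sample. Header and row 1 are the output shown in step 5; row 2 and
# its status text "In Progress" are made up here to exercise the failure path.
SAMPLE = """\
default-1# file transfer-status
result
S.No.|Operation  |Protocol|Local File Path                    |Remote Host       |Remote File Path |Status     |Time
1    |Export file|HTTPS   |diags/shared/tcpdump/testfile.pcap |files.company.com |/home/jdoe       | Completed |Wed Jul 13 21:02:24 2022
2    |Export file|HTTPS   |diags/shared/tcpdump/other.pcap    |files.company.com |/home/jdoe       | In Progress |Wed Jul 13 21:03:10 2022
"""

TIME_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Wed Jul 13 21:02:24 2022"


def parse_transfer_status(text):
    """Return one dict per table row, keyed by the header's column names."""
    header, rows = None, []
    for line in text.splitlines():
        cells = [cell.strip() for cell in line.split("|")]
        if header is None:
            if cells[0] == "S.No.":      # skip the prompt and "result" lines
                header = cells
            continue
        # Ignore anything that is not a numbered row with the full column set.
        if len(cells) == len(header) and cells[0].isdigit():
            rows.append(dict(zip(header, cells)))
    return rows


def export_completed(rows, local_path):
    """True only if the latest export of local_path reports Completed."""
    exports = [r for r in rows
               if r["Operation"] == "Export file"
               and r["Local File Path"] == local_path]
    if not exports:
        return False                     # never exported: treat as not done
    latest = max(exports, key=lambda r: datetime.strptime(r["Time"], TIME_FORMAT))
    return latest["Status"] == "Completed"


def unfinished(rows):
    """Local paths of every transfer whose status is not Completed."""
    return [r["Local File Path"] for r in rows if r["Status"] != "Completed"]


if __name__ == "__main__":
    table = parse_transfer_status(SAMPLE)
    for path in ("diags/shared/tcpdump/testfile.pcap", "diags/shared/tcpdump/other.pcap"):
        print(path, "exported" if export_completed(table, path) else "NOT confirmed")
```

Treating a missing row as "not exported" keeps the check conservative, so a capture is only considered safely off the system when a Completed export is actually listed.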

You can use File Utilities from the webUI to export or download tcpdump files from the system. All file transfers are done using the HTTPS protocol.

  1. Log in to the webUI using an account with admin access.

  2. On the left, click System Monitoring > File Utilities.

  3. From the Base Directory list, select diags/shared/.

  4. Under diags/shared, select tcpdump.

  5. If you want to export a tcpdump file to an external server:

    1. Select the tcpdump file and click Export.

    2. In the popup, enter the Server URL for where to export the file.

    3. Provide the Username and Password only if required by the remote host.

    4. Select Ignore Certificate Warnings if you want to skip warnings when importing files.

    5. Click Export File to begin the export.

  6. If you want to download the tcpdump file to your local workstation:

    1. Select the tcpdump file and click Download.

      The selected file will be downloaded.

In the File Transfer Status area, you can check the progress of a file transfer operation and see whether it was successful. If an operation fails, hover over the warning icon to see the error that occurred.

Note: A runtime error displays in the File Transfer Status area if an invalid operation is performed.