Simple command steps to take a tcpdump and view logs in the CLI:
1. To view recent log lines for traffic hitting the device's interface:
# tail -f /var/log/ltm
2. To filter the logs for a URL to a specific destination:
# grep http://www.test.com /var/log/ltm
3. To view log lines for a single IP, use the command below:
# tail -f /var/log/ltm | grep 10.1.1.1
4. To see live logs on the F5 device (run from within /var/log, so that "ltm" resolves to /var/log/ltm):
# tail -f ltm
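The grep filters in steps 2 and 3 match anywhere in the line and treat each dot as a wildcard, so grep 10.1.1.1 also returns lines for 10.1.1.10 and 110.1.1.1, and grep http://www.test.com also returns http://www.test.com.example. The shell example below is added here and is not part of the original notes; the log lines it filters are constructed to look like /var/log/ltm entries and are not real BIG-IP output. It shows the naive filter beside a fixed-string, whole-word version so the difference is visible on the sample.

```shell
#!/bin/sh
# Added example (not from the original page): filter /var/log/ltm-style lines for one
# IP or one URL without picking up look-alike values. The sample log is constructed.
SAMPLE_LTM='Jan 10 10:00:01 bigip-example notice tmm[1234]: sample: client 10.1.1.1:51000 connected to vs /Common/vs_test
Jan 10 10:00:02 bigip-example notice tmm[1234]: sample: client 10.1.1.10:51001 connected to vs /Common/vs_test
Jan 10 10:00:03 bigip-example warning tmm[1234]: sample: client 110.1.1.1:51002 reset by vs /Common/vs_test
Jan 10 10:00:04 bigip-example info tmm[1234]: sample: client 10.1.1.1:51003 request http://www.test.com/login
Jan 10 10:00:05 bigip-example info tmm[1234]: sample: client 10.1.1.10:51004 request http://www.test.com.example/login'

# Naive filter, as in step 3: plain regex, unanchored. Dots match any character and
# "10.1.1.1" is a prefix of "10.1.1.10" and a suffix of "110.1.1.1".
naive_count_for_ip() {
    printf '%s\n' "$SAMPLE_LTM" | grep -c -- "$1"
}

# Anchored filter: -F takes the IP literally, -w requires a non-word character (space, colon)
# on both sides, so only the exact address matches.
ltm_lines_for_ip() {
    printf '%s\n' "$SAMPLE_LTM" | grep -Fw -- "$1"
}

ltm_count_for_ip() {
    ltm_lines_for_ip "$1" | wc -l | tr -d ' '
}

# Naive URL filter, as in step 2: matches any host that merely starts with www.test.com.
naive_count_for_url() {
    printf '%s\n' "$SAMPLE_LTM" | grep -c -- "$1"
}

# Literal URL filter: pass the URL with its trailing slash so the hostname is delimited.
ltm_count_for_url() {
    printf '%s\n' "$SAMPLE_LTM" | grep -Fc -- "$1"
}
```

On the live tail from step 3 the same anchoring applies: tail -f /var/log/ltm | grep --line-buffered -Fw 10.1.1.1 keeps the output flowing line by line (GNU grep's --line-buffered stops grep from holding lines in its output buffer while you watch). On the constructed sample, the naive IP filter returns 5 lines for 10.1.1.1 while the anchored one returns the 2 lines that are really about that address; the URL filter with the trailing slash returns 1 line instead of 2.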
5. Capture packets on a specific interface
By default tcpdump captures from all interfaces; with the -i switch it captures only from the desired interface.
# tcpdump -i eth0
6. Print captured packets
With the -A option tcpdump prints each captured packet's payload in ASCII.
# tcpdump -A -i eth0
7. Display available interfaces
The -D option lists the interfaces available for capture.
# tcpdump -D
8. Capture and save packets to a file
tcpdump can save the capture in .pcap format; run the command with the -w option.
# tcpdump -ni any host <source IP> -w 0001.pcap
9. Capture only TCP packets
To capture only TCP traffic on an interface, add the tcp qualifier as shown below.
# tcpdump -i eth0 tcp
10. Capture packets for a specific port
To capture packets for port 22, specify port 22 as shown below.
# tcpdump -i eth0 port 22
11. Capture packets from a source IP
To capture packets from a source IP (for example 10.10.10.10; the command below uses 10.1.1.1), use the src qualifier.
# tcpdump -i eth0 src 10.1.1.1
12. Capture traffic between a source and a destination IP on all F5 interfaces and save it as a pcap
-s0 captures full packets, -n skips name resolution, 0.0 is the F5 interface name for all interfaces, and the :nnnp modifier adds TMM and peer-flow detail to the capture.
# tcpdump -s0 -ni 0.0:nnnp host <user IP> and host <dst IP> -w /var/log/<filename>.pcap
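A capture written with -w (steps 8 and 12) is often copied off the device for analysis, and a file that was truncated because tcpdump was interrupted, or that was never written because the filter matched nothing, is only noticed later. The shell example below is added here and is not part of the original notes; it checks the magic bytes and size of a saved capture file before it leaves the box. The sample files it builds are constructed in a temp directory (a 24-byte classic pcap global header, optionally followed by one tiny packet record) and are not real captures.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a file saved with tcpdump -w.

# Identify the capture format from the first four bytes. tcpdump -w on an x86 F5 writes
# the little-endian classic pcap magic (bytes d4 c3 b2 a1). Returns 1 if unrecognised.
pcap_kind() {
    magic=$(od -An -tx1 -N4 -- "$1" | tr -d ' \t\n')
    case "$magic" in
        d4c3b2a1) echo pcap-le ;;      # classic pcap, little-endian host
        a1b2c3d4) echo pcap-be ;;      # classic pcap, big-endian host
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # classic pcap with nanosecond timestamps
        0a0d0d0a) echo pcapng ;;       # pcapng section header block
        *) echo unknown; return 1 ;;
    esac
}

# A classic pcap global header is 24 bytes; anything beyond it is at least one packet
# record. A header-only file means the filter matched nothing (or tcpdump was stopped early).
pcap_has_records() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 24 ]
}

# Constructed sample: global header (magic, version 2.4, zone 0, sigfigs 0, snaplen 65535,
# linktype 1 = Ethernet). With the argument "with-record" one 1-byte packet record is appended.
make_sample_pcap() {
    f=$(mktemp)
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$f"
    if [ "$1" = "with-record" ]; then
        # ts_sec=0, ts_usec=0, incl_len=1, orig_len=1, one data byte
        printf '\000\000\000\000\000\000\000\000\001\000\000\000\001\000\000\000\000' >> "$f"
    fi
    echo "$f"
}
```

Usage on a real file: pcap_kind /var/log/capture.pcap && pcap_has_records /var/log/capture.pcap && echo "capture looks usable". The format check matters because a capture taken with -w is binary; a file that turns out to be ASCII (someone redirected stdout instead of using -w) or empty is caught here rather than after the transfer.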