F5 Tcpdump Commands

Simple command steps to take a tcpdump and view logs in CLI:

  1. To view recent logs from devices interface hitting.

#tail -f /var/log/ltm

  1. Filtering logs for the url to a specific destination

#cat /var/log/ltm | grep http://www.test.com

3.. To view logs for a single IP use the command as below

# tail -f /var/log/ltm | grep

  1. To see live logs on F5 device. Use the below command

# tail -f ltm

5.Capture Packets for a specific Interface

tcpdump command it will capture from all the interfaces, however with -i switch only capture from desire interface.

# tcpdump -i eth0

6.Print Captured Packets

The below tcpdump command with option -A displays the package in ASCII format. It is a character-encoding scheme format.

# tcpdump -A -i eth0

7.Display Available Interfaces

number of available interfaces will show using –D options

# tcpdump –D

8. Capture and Save Packets in a File

tcpdump has a feature to capture and save the file in a .pcap format. this just execute command with -w option.

# tcpdump –ni any host <source IP> -w 0001.pcap

9.Capture only TCP Packets.

To capture packets for IP address and TCP port using the following command with option tcp.

# tcpdump -i eth0 tcp

10. Capture Packet from Specific Port

If you want to capture packets for specific port 22, using specifying port number 22 as shown below.

# tcpdump -i eth0 port 22

11.Capture Packets from source IP

To capture packets from source IP, ex: use the command as follows.

# tcpdump -i eth0 src

12.Capture source and destination IP and save using pcap with network interface.

#tcpdump -s0 -ni 0.0:nnnp host <user IP> and host <dst IP> -w /var/log/<filename>.pcap