Forum Discussion
youssef1
Sep 27, 2018 Cumulonimbus
Hi,
Since you are capturing on an IP address basis, keep in mind that the capture from the F5 to the backend may contain several user sessions if you are not the only one testing (because of SNAT):
tcpdump -nni 0.0 '(host "clientIP" and host "VipIP")' or '(host "FloatingIP" and host "BackendServer")'
or
tcpdump -nni 0.0 '(src host "clientIP" and dst host "VipIP")' or '(src host "FloatingIP" and dst host "BackendServer")'
In your situation I advise you to capture traffic using an iRule; it allows you to go up to layer 7 and capture traffic end-to-end for a single user.
Let me know if you need assistance with the iRule.
Regards
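
One way to do the per-user trace suggested above, as an added example that is not part of the original post: an iRule that logs both legs of a single client's connection, so the SNAT source port on the server side can be matched to the client-side flow. It assumes an HTTP profile on the virtual server; the address 192.0.2.10 and the names `static::trace_client` and `trace` are constructed placeholders.

```tcl
# Added example, not from the original post.
# 192.0.2.10 is a constructed placeholder for the tester's client IP.
when RULE_INIT {
    set static::trace_client "192.0.2.10"
}

when CLIENT_ACCEPTED {
    # Trace only connections coming from the one client under test.
    set trace [IP::addr [IP::client_addr] equals $static::trace_client]
    if { $trace } {
        # Client-side leg: client -> virtual server
        log local0. "TRACE client-side [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
    }
}

when HTTP_REQUEST {
    if { $trace } {
        # Layer 7 view of the request (requires an HTTP profile)
        log local0. "TRACE request [HTTP::method] [HTTP::host][HTTP::uri]"
    }
}

when SERVER_CONNECTED {
    if { $trace } {
        # Server-side leg: here the local address and port are the SNAT source
        # that the backend server sees for this client's connection.
        log local0. "TRACE server-side [IP::local_addr]:[TCP::local_port] -> [IP::server_addr]:[TCP::server_port]"
    }
}

when HTTP_RESPONSE {
    if { $trace } {
        log local0. "TRACE response [HTTP::status]"
    }
}
```

The SNAT source port logged in SERVER_CONNECTED can be added to the server-side tcpdump filter as a `port` condition to isolate the one user's backend flow. Remove the iRule after testing, since the request log lines record full URIs.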