Issue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server
Hello everyone,
I have a virtual server set up on an F5 BigIP. I captured traffic on a client (IP: 10.16.x.x) of the balanced service and on the virtual server itself (IP: 10.16.y.y). On the client capture, I can see that it sends the SYN packet to establish the connection and receives the SYN-ACK packet from the server. However, in the capture from the server, I do not see the SYN-ACK packet.
I am trying to understand why the SYN-ACK packet does not appear in the server capture and if the command I used to capture the traffic was incorrect. Here is the command I used:
/usr/sbin/tcpdump -s0 -ni any:nnn -w /var/tmp/proxy80.pcap host 10.16.y.y and host 10.16.x.x
Syncookie was enabled on the server and it sent a RST to the client. Anyway, I wonder why there is no SYN-ACK packet despite the fact that the client received it.
Could someone please help me understand what might be going wrong or suggest the correct way to capture this traffic?
Thank you!