Forum Discussion
newf5learner
Nov 20, 2015
Nimbostratus
Thanks. Other than the command to capture the resets (the above command is not working - I tried multiple times on a busy LTM), can you please suggest how to capture traffic using some compound statements with source and destination servers and port 80?
I have even tried this:
tcpdump '( tcp[tcpflags] & (tcp-rst) != 0) and host 10.196.1.119'
but I'm seeing no traffic even though I reset the connection from the browser.
tcpdump -ni 0.0 src host 10.194.232.2 and '(dst host 10.194.232.127 or dst host 10.194.232.134)'
10.194.232.2 is the internal self IP address which is interacting with the servers. However, it's capturing the health monitor traffic also. Please suggest how to filter for only my active client connection related traffic and not the health monitor traffic.
Please suggest. Thanks.