As recommended by Nitass, the so-called ringdump will probably do the job. Make sure to write into the shared file system (option -w). A valuable parameter is "p" (for peer traffic) in the interface definition. The "p" will make sure to dump the serverside forwarded and returned packets as well in your trace.
Nitass already added the so-called noise parameter ("nnn"), which requires the F5 Wireshark plugin to display the so-called Ethernet trailer information. The plugin for your Wireshark version is available for download here on DevCentral.
The example below will run a ringdump with a total size of approx. 4 GByte (20 files of 200 MByte).
Please run a "df -h" first to make sure there is enough space in the target volume.
- -C 200 (200 million bytes per file)
- -W 20 (max 20 files)
- -Z root (run as root to avoid error when writing file)
tcpdump -i 0.0:nnnp -C 200 -W 20 -s 0 -Z root -w /shared/ringdump/dump.cap
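
The "df -h" check from the post can be scripted so the capture only starts when the whole ring fits. This is an added example, not part of the original post or any F5 tooling; the function names and the 1 GiB reserve are assumptions.

```shell
#!/bin/sh
# Pre-flight space check for a tcpdump ring capture (added example).
# Assumed names: required_kb, available_kb, check_space, preflight.

# required_kb FILE_SIZE FILE_COUNT -> KiB the full ring can occupy.
# tcpdump's -C value is in units of 1,000,000 bytes, not MiB.
required_kb() {
    echo $(( ($1 * 1000000 * $2 + 1023) / 1024 ))
}

# available_kb DIR -> free KiB on the filesystem that holds DIR.
# -P keeps each filesystem on one line so column 4 is always "Available".
available_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# check_space AVAIL_KB FILE_SIZE FILE_COUNT RESERVE_KB
# Succeeds only if the ring fits and RESERVE_KB stays free afterwards.
check_space() {
    need=$(required_kb "$2" "$3")
    [ "$1" -ge $(( need + $4 )) ]
}

# preflight DIR FILE_SIZE FILE_COUNT RESERVE_KB
# Returns 0 = safe to start, 1 = not enough space, 2 = target dir missing.
preflight() {
    if [ ! -d "$1" ]; then
        echo "target directory $1 does not exist" >&2
        return 2
    fi
    avail=$(available_kb "$1")
    if check_space "$avail" "$2" "$3" "$4"; then
        echo "OK: ${avail} KiB free in $1, ring needs $(required_kb "$2" "$3") KiB"
    else
        echo "refusing: ${avail} KiB free in $1 is too little for the ring" >&2
        return 1
    fi
}

# Usage on the box: sh preflight.sh /shared/ringdump 200 20 1048576
# (1048576 KiB = 1 GiB reserve, an assumed safety margin)
if [ "$#" -eq 4 ]; then
    preflight "$@"
fi
```

Start the tcpdump command above only when the script exits with status 0.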