Forum Discussion
crodriguez
Ret. Employee
You are not doing anything wrong with your TCPDUMP; you're just capturing more data than you need to. Those packets you're seeing are the network failover "heartbeat" transmitted between devices in a sync-failover device group. If you would rather not see this traffic, then filter out UDP port 1026 on your TCPDUMP command. Or, better yet, filter for the protocol and ports you do want to see.
Amresh008
Jan 13, 2020Nimbostratus
I get similar response even after limiting the traffic capture to port 1026.