Forum Discussion
RossVermette
Feb 15, 2019 | Nimbostratus
If I had to do something similar to that, I would pipe the output of tcpdump through an SSH tunnel and write/save the output to Wireshark directly.
Example on a Windows machine (needs plink and Wireshark):
"c:\plink.exe" -l username -pw password ipaddress_of_f5_mgmt_interface "tcpdump -w - -s0 -ni 0.0:nnn host x.x.x.x and port yyy" | "c:\Program Files\Wireshark.exe" -k -i -
There are Wireshark start options to auto-save files after a certain size and auto-roll saved file names (you'd have to figure that out). The -s0 is for full packet snaplen; you could change that to only log the first few bytes of the header you need, to reduce the data. Also, you can adjust the tcpdump filters if you need.
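
An added example, not part of the original post: the same pipeline as a cmd.exe batch file, using plink key-file authentication in place of `-pw` (which leaves the password visible in the process command line), a shorter snaplen, and Wireshark's ring-buffer options for the auto-save and rollover mentioned above. The install paths, key file, output path, snaplen and ring-buffer sizes are assumed placeholders, and `-batch` assumes the F5 host key is already cached by PuTTY.

```batch
@echo off
rem Added example: stream a remote tcpdump into a local Wireshark ring buffer.
rem Every path and value set below is an assumed placeholder; adjust to your host.
setlocal

rem Assumed default install locations for PuTTY's plink and for Wireshark.
set "PLINK=C:\Program Files\PuTTY\plink.exe"
set "WIRESHARK=C:\Program Files\Wireshark\Wireshark.exe"

rem Assumed PuTTY-format private key; avoids putting a password on the command line.
set "KEYFILE=%USERPROFILE%\.ssh\f5-capture.ppk"

rem Placeholders carried over from the post.
set "F5_USER=username"
set "F5_MGMT=ipaddress_of_f5_mgmt_interface"

rem Remote capture: pcap to stdout (-w -), no name resolution (-n),
rem snaplen cut from 0 (full packet) to an assumed 128 bytes of headers.
set "REMOTE=tcpdump -w - -s 128 -ni 0.0:nnn host x.x.x.x and port yyy"

rem Assumed output location; Wireshark appends a sequence number and timestamp.
set "OUTFILE=C:\captures\f5.pcapng"

rem -ssh -batch : force SSH and never prompt (fails if the host key is not cached)
rem -k -i -     : start capturing immediately, reading pcap from stdin
rem -w          : write the capture to OUTFILE
rem -b filesize : start a new file after this many kB (102400 kB is about 100 MB)
rem -b files    : keep at most this many files, overwriting the oldest
"%PLINK%" -ssh -batch -i "%KEYFILE%" -l %F5_USER% %F5_MGMT% "%REMOTE%" | "%WIRESHARK%" -k -i - -w "%OUTFILE%" -b filesize:102400 -b files:10

endlocal
```

Keep the pipe inside cmd.exe (a batch file, as here): typed directly into Windows PowerShell, a pipeline between two native programs is re-encoded as text and corrupts the pcap stream.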