Forum Discussion
What_Lies_Bene1
Oct 03, 2013Cirrostratus
This is of course the downside of SNAT and more generally PAT. Assuming you can't easily design the SNAT out of the equation you'll need to check the connection table, find out how the client has been SNATted and create your tcpdump filter based on that. To make it easier you probably want to do this in two different terminal windows.
So, view the connection table with
tmsh show sys conn ...
- you can filter by address but sorry I can't remember the syntax, just use ? to bring up the options
Then use tcpdump as follows;
tcpdump -i 0.0 -nn -s0 'host real_client_ip or (host snat_ip and port snat_port)