NimbostratusIs there a way to capture traffic through an LTM in both directions? I've captured a few tcpdumps, but they are all in one direction (i.e. filter a specific ip address and it is always either a source or a destination). I'd like to see the delta time between LTM and server communication.
Regards,
Tony Marques
Cirrostratus
If you specify an IP address in a tcpdump filter expression (without using the src or dst parameters) then you should see packets to and from that host. If this isn't the case then something is wrong.
If however, you meant you want to capture packets on both server-side and client-side interfaces this is possible too by using the -i any or -i 0.0 interface specification. If you're using SNAT you'll have to consider your filter expression carefully.
Nimbostratus
After I read your post I realize what I was doing "wrong". I was limiting my tcptump to destination port 4000. Therefore, that would only give me traffic in one direction. I removed that option and I'm now seeing everything I want to see (too much in fact).
Thanks,
Tony
Cirrostratus
CirrostratusHi Steve,
After I read your post I realize what I was doing "wrong". I was limiting my tcptump to destination port 4000. Therefore, that would only give me traffic in one direction. I removed that option and I'm now seeing everything I want to see (too much in fact).
Thanks,
Tony
If you just do this:
tcpdump -ni <host> and <port>
this will capture all traffic to/from and to/from port 4000. This should limit the traffic to what you want, but still see both directions. Sorry about the original post, my gt and lt chars got munged...