Forum Discussion

oxybullet_28336's avatar
oxybullet_28336
Icon for Nimbostratus rankNimbostratus
Aug 09, 2016

Is this f5 related traffic?

Hello,

 

I'm a network admin and I'm trying to identify some traffic in our network. I have no knowledge regarding f5 technologies so I was wondering if anybody here can help me determine if the traffic I"m looking at is f5 related at all. I'd appreciate any help/pointers.

 

The first payload-bearing TCP packet from client to the server on port 80 has the following payload: f5 00 02 86 00 74 00 00 38 40 01 00 .. (f5 00 brought me here, 02 86 is the length of the rest of the payload and 00 74 seems like an opcode)

 

This is followed by another packet from the client with the following payload: f3 00 00 36 00 00 38 40 00 00 ... (again 00 36 is the length of the rest of the payload)

 

Any ideas if this is indeed some sort of f5-related traffic? I'm installing the wireshark f5 plugin at the moment but I'd appreciate it if anybody can tell if I'm on the right track to identify this traffic.

 

Thanks!

 

1 Reply

  • Sorry, a bit lost with your question. Were you able to identify the client and server IP ? Is the server IP configured on the F5 ?