Mike_Ho
Nov 17, 2015Cirrus
tcpdump - bad capture on BigIP or insane client?
I'm troubleshooting an issue where my users in a certain country cannot access a certain VIP on LTM. In this instance my client-side sees a full 3-way handshake and tries to negotiate SSLv2 (don't say a word). Using tcpdump on BigIP and capturing with an appropriate IP-based filter on the appropriate VLAN interface I don't see all the packets. In fact I'm missing the TCP SYN and SYN/ACK packets for each connection. Why would this be?
The VIP Syncookie status is "off". There is not a protocol profile assigned with hardware SYN cookie protection enabled. The appliance is nowhere near the SYNcheck activation threshold.
What the client sees:
What the BigIP sees: