
1XX Informational

2XX Success
3XX Redirectional
4XX Client Error
5XX Server Error

modify /net vlan <vlan_name> interfaces replace-all-with { <interface> }


modify /net vlan test-vlan interfaces replace-all-with { 1.3 }

create /net vlan <vlan_name> interfaces add { <interface> { tagged }} tag <vlan_tag>

create /net vlan test-vlan interfaces add { 1.1 { tagged }} tag 4093

modify /net vlan <vlan_name> interfaces replace-all-with { <interface> { tagged }} tag <vlan_tag>

modify /net vlan test-vlan interfaces replace-all-with { 1.3 { tagged }} tag 4093

# tcpdump -ni 0.0:nnn -s0 -w /var/tmp/vs_db.pcap host <vip_ip> or host <pool_member1_ip> or host <pool_member2_ip>

Apply the desired configuration (offload or any other option) to the virtual server (VS_NAME).

1) Enable TCP RST cause on the BIG-IP --> tmsh modify sys db tm.rstcause.pkt value enable

2) Since the traffic is encrypted with SSL, you will need to create an iRule such as the one below.

when CLIENTSSL_HANDSHAKE {
    # Log the session ID and master secret only for the client under test
    if { [clientside {IP::remote_addr}] equals xxx.xxx.xxx.xxx } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

when SERVERSSL_HANDSHAKE {
    # Same logging for the server-side handshake (requires a server SSL profile)
    if { [clientside {IP::remote_addr}] equals xxx.xxx.xxx.xxx } {
        log local0. "[TCP::client_port] :: RSA Session-ID:[SSL::sessionid] Master-Key:[SSL::sessionsecret]"
    }
}

Note 1: replace xxx.xxx.xxx.xxx with the client IP used to access the Virtual Server (aka VS_NAME).
Note 2: if no server SSL profile is attached to VS_NAME, you will be required to remove the SERVERSSL_HANDSHAKE event, since no such profile is attached to it.

3) Attach the iRule to the relevant Virtual Server (VS_NAME) in question.

4) Start a packet trace --> tcpdump -s0 -vnni 0.0:nnnp -c 500000 -w /var/tmp/SR_Number_pcap.pcap host xxx.xxx.xxx.xxx or host VS_NAME_IP

Note: replace xxx.xxx.xxx.xxx with the correct client IP. This should be the same as in the iRule in point 2 above.

5) While the trace is running, reproduce the problem. Once the problem is seen, stop the trace by pressing CTRL+C.

6) Fetch a fresh QKview --> qkview -s0 -f /var/tmp/SR_Number_qkview.qkview

7) Stop TCP RST logging --> tmsh modify sys db tm.rstcause.pkt value disable

8) If SSL was in use, remove the decryption iRule from the Virtual Server.

9) Using software such as WinSCP, fetch the following two files from the BIG-IP:
- /var/tmp/CASE_NUMBER_pcap.pcap
- /var/tmp/CASE_NUMBER_qkview.qkview
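
Added example, not part of the original page or of F5's own tooling: the iRule in step 2 only writes the `RSA Session-ID:... Master-Key:...` pairs to the log, so they still have to be extracted into a key-log file before the capture from step 4 can be decrypted. The sketch below assumes the iRule output lands in `/var/log/ltm`; the rule name `ssl_keylog`, the output path and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: build a Wireshark key-log file from the iRule's log output.

# Constructed sample log lines (made-up, shortened hex; rule name is hypothetical).
sample_ltm_log() {
cat <<'EOF'
Jan  1 10:00:01 bigip1 info tmm[11111]: Rule /Common/ssl_keylog <CLIENTSSL_HANDSHAKE>: 51234 :: RSA Session-ID:aa11bb22 Master-Key:0123456789abcdef
Jan  1 10:00:01 bigip1 info tmm[11111]: Rule /Common/ssl_keylog <SERVERSSL_HANDSHAKE>: 51234 :: RSA Session-ID:cc33dd44 Master-Key:fedcba9876543210
Jan  1 10:00:02 bigip1 info tmm1[11111]: Rule /Common/ssl_keylog <CLIENTSSL_HANDSHAKE>: 51240 :: RSA Session-ID: Master-Key:0011223344556677
Jan  1 10:00:03 bigip1 info tmm[11111]: Rule /Common/ssl_keylog <CLIENTSSL_HANDSHAKE>: 51234 :: RSA Session-ID:aa11bb22 Master-Key:0123456789abcdef
Jan  1 10:00:04 bigip1 notice mcpd[2222]: unrelated line
EOF
}

# stdin: log text. stdout: unique "RSA Session-ID:<hex> Master-Key:<hex>" lines.
# Lines with an empty or non-hex field are dropped; they cannot be matched to a session.
extract_keylog() {
  sed -n 's/^.*\(RSA Session-ID:[0-9A-Fa-f]\{1,\} Master-Key:[0-9A-Fa-f]\{1,\}\)[[:space:]]*$/\1/p' |
    awk '!seen[$0]++'
}

# $1 = log file, $2 = key-log file to create. Prints the number of keys written.
# The output holds session secrets, so it is created readable by its owner only.
write_keylog() {
  rm -f -- "$2"
  ( umask 077; extract_keylog < "$1" > "$2" ) || return 1
  wc -l < "$2" | tr -d ' '
}

# Usage (paths are assumptions): ./keylog.sh /var/log/ltm /var/tmp/session.pms
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
  write_keylog "$1" "$2"
fi
```

The resulting file can be loaded in Wireshark through the TLS protocol preference "(Pre)-Master-Secret log filename"; remove it from the BIG-IP together with the iRule in step 8, since anyone holding it can decrypt the captured sessions.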
