TCPDump for F5
by Lior Franko
Getting started
How does this work?
"TCPDump For F5" is a .NET application, it will start the TCPDump process on the F5 according to the selected filters.
It will download the capture file to the local PC and delete it from the F5.
Prerequisite
The prerequisites for the application is the v4.X of the .NET Framework and the right credentials for login.
Login
There are two options for login:
1. Use the admin and root users.
2. Use a power user:
The power user should have the following credentials:
Role: Administrator
Terminal Access: Advanced shell
Filter
The filter works as follow:
IP and ports:
((Choose source or host address) and/or (Choose destination or host address))
and/or
((Choose source port or host port) and/or (Choose destination port or host port))
Protocol:
Choose protocol from the list.
Interface:
Choose interface from the list.
Keyboard Shortcuts
On the login menu:
* Enter - Login button.
On the main manu:
* Enter - Start or Stop capture (Depends on the current status)
* Ctrl + O - Open option window.
* Ctrl + L - Logout.
Limitations
The application has the following limitations:
* Support only BIG-IP V11.x and above.
* Support only default route-domain 0.
* Support only specific port number, not available to filter by port range.
* Doesn't support "not" filter.
* Doesn't support filtering by protocol AND port number. (you can filter by port OR protocol)
* Support only predefined well known protocols.
* Doesn't support using proxy for login.