F5 Captures

1) TCPDUMP

tcpdump -i 0.0 host 10.129.14.229 && port 80 -s0 -A -nn -vvv

11:05:45.224269 IP (tos 0x0, ttl 126, id 7176, offset 0, flags [DF], proto: TCP (6),
length: 44) 10.129.14.229.64923 > 10.22.105.137.80: P, cksum 0xc0a5 (correct),
53:57(4) ack 1 win 64240 in slot1/tmm3 lis=/www-prod/projects.markit.com_80
....E..,..@.~.S.....i....P ......TP.......HELLO.%.... /www-prod/projects.markit.com_80

I sent a HELLO to VIP: projects.markit.com on port 80

2) Flag specific DUMPs :

tcpdump -i 0.0 tcp[tcpflags] & (tcp-rst) != 0 && host 10.129.14.229 -s0 -A

-nn vvv

Replace tcp-rst by tcp-syn or tcp-ack or tcp-fin as per requirement.

See: http://www.tcpdump.org/tcpdump_man.html for syntax details

3) Save Capture in PCAP

-w /var/tmp/2177341515.pcap

Open above directory by doing an sftp to LB

4) 404??

Webpage giving 404 error, typing http://10.22.105.62/ in browser:

tcpdump -i 0.0 host 10.22.105.62 -s0 -A -nn vvv

11:53:02.197106 IP (tos 0x0, ttl 255, id 54276, offset 0, flags [DF], proto: TCP
(6), length: 532) 10.22.105.62.80 > 10.129.14.229.63044: P, cksum 0x8ec0
(incorrect (-> 0x2bfb), 1:493(492) ack 287 win 4666 out slot1/tmm0
lis=/www-prod/adfs.glb.markit.com_80
....E.....@....%
.i>
....P.D.-[{....P..:....HTTP/1.1 404 Not Found
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Sun, 03 Jul 2016 10:53:10 GMT
Connection: close
Content-Length: 315

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML

4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-
ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>