Last Modified: Dec 18, 2024
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4, 15.1.10.5, 15.1.10.6, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1
Opened: Mar 31, 2021
Severity: 3-Major
When using tcpdump with the :p flag, it does not capture all packets that are processed by multiple TMMs.
This causes confusion because packets will be missing from tcpdump captures.
Traffic flows are handled by multiple TMMs, e.g., one of the following:
-- 'preserve strict' set on virtual servers
-- a CMP-demoted virtual server
-- Service Provider (SP) DAG configured, but using custom mappings for some client IP addresses, or some traffic flows using VLANs without SPDAG configured.
Use a packet capture filter to capture clientside and serverside flows directly, without relying on the peer flow flag (":p").
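One way to apply this workaround, as an added example that is not part of the original bug record: a small shell helper that builds a capture filter naming the clientside and serverside endpoints explicitly, so the capture on interface `0.0` does not depend on `:p`. The function names, output path and all addresses are constructed for illustration, and pool members are assumed to be given as IPv4 `ip:port`.

```shell
#!/bin/sh
# Build a tcpdump filter that matches both sides of a proxied connection
# explicitly instead of relying on the ":p" peer-flow flag.
# All addresses used here are constructed sample values.

# Usage: build_filter CLIENT_IP VIRTUAL_IP VIRTUAL_PORT [MEMBER_IP:PORT ...]
#   clientside: client <-> virtual server
#   serverside: BIG-IP <-> pool member. The source address may be a SNAT
#   address, so only the member endpoint is matched. This also captures
#   other clients' traffic to that member; narrow it afterwards if needed.
build_filter() {
    client_ip=$1; vip=$2; vport=$3
    [ -n "$client_ip" ] && [ -n "$vip" ] && [ -n "$vport" ] || return 1
    shift 3
    filter="(host $client_ip and host $vip and port $vport)"
    for member in "$@"; do
        m_ip=${member%:*}
        m_port=${member##*:}
        # Reject anything that is not in ip:port form.
        [ "$m_ip" != "$member" ] && [ -n "$m_ip" ] && [ -n "$m_port" ] || return 1
        filter="$filter or (host $m_ip and port $m_port)"
    done
    printf '%s\n' "$filter"
}

# Usage: capture_cmd OUTPUT_FILE <build_filter arguments>
# Prints the tcpdump command line; 0.0 captures across all VLANs and
# :nnn adds TMM detail to each packet without the peer-flow flag.
capture_cmd() {
    out=$1
    [ -n "$out" ] || return 1
    shift
    expr=$(build_filter "$@") || return 1
    printf "tcpdump -ni 0.0:nnn -s0 -w %s '%s'\n" "$out" "$expr"
}

# Constructed example: one client, one virtual server, two pool members.
capture_cmd /var/tmp/flows.pcap 192.0.2.10 203.0.113.80 443 \
    10.10.1.11:8443 10.10.1.12:8443
```
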
None