Bug ID 1007909: Tcpdump with :p (peer flow) flag does not capture forwarded between TMMs

Last Modified: Apr 24, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,,,, 16.1.4,,,

Opened: Mar 31, 2021

Severity: 3-Major


When using tcpdump with the :p flag, it does not capture all packets that are processed by multiple TMMs.


Causes confusion since there will be packets missing from tcpdump captures.


Traffic flows are handled by multiple TMMs, e.g., one of the following: -- 'preserve strict' set on virtual servers -- a CMP-demoted virtual server -- Service Provider (SP) DAG configured, but using custom mappings for some client IP addresses, or some traffic flows using VLANs without SPDAG configured.


Use a packet capture filter to capture clientside and serverside flows directly, without relying on the peer flow flag (":p").

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips