f5-rahm / pcap_utils


PCAP Utilities

This project is a collection of utilities to generate, download, and work with BIG-IP packet captures.

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Contact
  8. Acknowledgments

Getting Started

To get a local copy up and running, follow these steps.

Installation

  1. Clone the repo
    git clone https://github.com/f5-rahm/pcap_utils.git
  2. Create and activate a virtual environment
    # linux/macos
    python3 -m venv /path/to/new/virtual/environment
    source <venv>/bin/activate
    # windows
    c:\>c:\Python39\python -m venv c:\path\to\myenv
    # cmd.exe
    C:\> <venv>\Scripts\activate.bat
    # powershell
    PS C:\> <venv>\Scripts\Activate.ps1
  3. Install requirements
    pip install -r requirements.txt

Usage

The first utility in this project, support_captures.py, takes no arguments, but does require three environment variables:

  • F5_HOST
  • F5_USER
  • F5_PASS

Once started, the script asks you for three things:

  • The virtual server under test
  • The client IP you will be testing from (and that is observable inbound on BIG-IP)
  • The F5 support case number you'll upload files to

Once the tcpdump capture is started for you, you'll have about 50 seconds to reproduce your issue. This might be extensible but YMMV. Here's a sample run of the script with the SSL profile cache set to zero.

python support_captures.py


	#################################################
	### BIG-IP tcpdump capture collection utility ###
	#################################################

	Virtual name: ext_nerdknobs.tech_443
	Client IP for test traffic: 174.209.224.94
	Case number: C245197
	
	-------------------------------------------------

	Virtual ext_nerdknobs.tech_443 has associated client-ssl profile cssl_nerdknobs.tech...continuing.
	Session keylogger iRule (cache disabled version) created...continuing.
	Session keylogger iRule applied to ext_nerdknobs.tech_443...continuing.
	Starting tcpdump...please reproduce your issue now.
	Session keylogger iRule removed from ext_nerdknobs.tech_443...continuing.
	keylogger iRule deleted...continuing.
	Secrets key file created (with cache disabled command)...continuing.
	Starting qkview...standby.
	Qkview still running...sleeping 10 seconds.
	Qkview complete...continuing.
	Downloading support files from BIG-IP.
		C245197_2022-04-06.pcap downloaded.
		C245197_sessionsecrets.pms downloaded.
		C245197_ltm3.test.local.qkview downloaded.
	All support files downloaded...continuing.
	Cleaning up support files on BIG-IP.
		C245197_2022-04-06.pcap deleted.
		C245197_sessionsecrets.pms deleted.
		C245197_ltm3.test.local.qkview deleted.
	All support files cleaned up on BIG-IP...complete.
	
-------------------------------------------------

Please upload files in output_files directory to your support case or to supportfiles.f5.com using credentials provided by your case worker.
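
The session secrets file lets anyone who also holds the capture decrypt the TLS traffic in it, so the downloaded set is worth locking down and hashing before upload. The script below is an added example, not part of pcap_utils: it assumes the file names follow the sample run above (<case>_<date>.pcap, <case>_sessionsecrets.pms, <case>_<hostname>.qkview), and its function names are hypothetical.

```python
import hashlib
import os
import re
import stat
import sys
import tempfile
from pathlib import Path

def expected_patterns(case):
    """Assumed file-name shapes, copied from the sample run in this README."""
    c = re.escape(case)
    return {
        "pcap": re.compile(rf"^{c}_\d{{4}}-\d{{2}}-\d{{2}}\.pcap$"),
        "secrets": re.compile(rf"^{c}_sessionsecrets\.pms$"),
        "qkview": re.compile(rf"^{c}_.+\.qkview$"),
    }

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def audit_case_files(out_dir, case):
    """Lock each case artifact to mode 0600 and hash it; report missing kinds."""
    found, missing = {}, []
    files = [p for p in Path(out_dir).iterdir() if p.is_file()]
    for kind, pattern in expected_patterns(case).items():
        matches = sorted(p for p in files if pattern.match(p.name))
        if not matches:
            missing.append(kind)
            continue
        for path in matches:
            os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # owner read/write only
        found[kind] = {p.name: sha256_file(p) for p in matches}
    return found, missing

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: <script> <output_dir> <case_number>
        out_dir, case = sys.argv[1], sys.argv[2]
    else:  # no arguments: demo on constructed files named like the sample run
        out_dir, case = tempfile.mkdtemp(), "C245197"
        for name in ("C245197_2022-04-06.pcap", "C245197_sessionsecrets.pms"):
            Path(out_dir, name).write_bytes(b"constructed sample data")
    found, missing = audit_case_files(out_dir, case)
    for kind, entries in found.items():
        for name, digest in entries.items():
            print(f"{kind:8} {name}  sha256={digest}")
    print("missing:", ", ".join(missing) or "none")
```

Run it with the output directory and case number as arguments; with no arguments it runs against constructed files and reports the qkview as missing.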

Roadmap

  • Utility to decrypt downloaded BIG-IP captures
  • Utility to match and visualize clientside/serverside BIG-IP flows using f5ethtrailer details
  • Utility to isolate SIP/RTP flows
  • APM flow clarity, issue isolation

See the open issues for a full list of proposed features (and known issues).

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the Apache 2.0 License. See LICENSE for more information.

Contact

Your Name - @jasonrahm - j.rahm@f5.com

Project Link: https://github.com/f5-rahm/pcap_utils

Acknowledgments

  • Jay Smellow
  • Delane Jackson
  • The Python Community
  • Othneil Drew for this readme template!
