F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 73

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1 -
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only client traffic specifically for this virtual server?

Answer options

• A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
• B. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
• C. tcpdump -ni vlan301 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap
• D. tcpdump -ni vlan302 -s 0 'port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3' -w /var/tmp/trace.cap
• E. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Correct answer: B

Explanation

The correct command is B because it captures traffic on VLAN vlan301 specifically on port 80, which is the port used by the virtual server with IP 10.0.0.1. Options A and E do not filter by VLAN and capture unnecessary traffic, while C and D focus on the pool members' ports instead of the virtual server's port.