F5 BIG-IP LTM Specialist: Maintain and Troubleshoot — Question 76

An application is configured on an LTM device:
Virtual server: 10.0.0.1:80 (VLAN vlan301)

SNAT IP: 10.0.0.1 -
Pool members: 10.0.1.1:8080, 10.0.1.2:8080, 10.0.1.3:8080 (VLAN vlan302)
Which packet capture should the LTM Specialist perform on the LTM device command line interface to capture only server traffic specifically for this application?

Answer options

• A. tcpdump -ni 0.0:nnn -s 0 'host 10.0.0.1' -w /var/tmp/trace.cap
• B. tcpdump -ni vlan301 -s 0 'port 80 and host 10.0.0.1' -w /var/tmp/trace.cap
• C. tcpdump -ni vlan302 -s 0 'port 8080 and (host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap
• D. tcpdump -ni 0.0:nnn -s 0 '(port 80 and host 10.0.0.1) or (port 8080 and host 10.0.1.1 or host 10.0.1.2 or host 10.0.1.3)' -w /var/tmp/trace.cap

Correct answer: C

Explanation

The correct answer is C because it captures traffic on VLAN vlan302, which is where the pool members are located and uses the appropriate port for the application. Options A and B are incorrect as they focus on the virtual server's IP or the wrong VLAN. Option D captures both ports but is too broad and not specific to the server traffic for the application in question.