Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

TCPdump Tips

Often when troubleshooting an issue, running a TCPdump can be an invaluable form of diagnostic data. A recording of local traffic can help shed light on the connectivity issue which is occurring. Within the LoadMaster's Debug Options screen, there is a TCP dump utility which saves the traffic in a .pcap file. To access this option, in the main menu of the LoadMaster Web User Interface (WUI), select System Configuration > System Administration > System Log Files and click Debug Options.


The LoadMaster's TCPdump utility includes a few common filters, such as Interface, IP Address and Port. By specifying an appropriate filter, the pcap can include the client to LoadMaster connectivity as well as the LoadMaster to server connection. Enter the Virtual Service's IP address as a filter for non-transparent Virtual Services. The client's IP address is a useful filter for transparent services. A port-based filter can also be used to narrow down the traffic that is recorded.

For further information, refer to


There is a textbox called Options, where other TCPdump filters can be entered. Some additional common filters which can be helpful are listed below:

  • vrrp - Filters for HA multicasts
  • icmp - Filters for ICMP pings
  • -c - Count - changes the maximum total packets recorded
  • -s - Size - changes the maximum bytes per packet

The LoadMaster's TCPdump utility will capture the first 10,000 packets with the default settings. The memory dedicated to saving a pcap file is 30MB. When listening on two interfaces, each interface will be able to record up to 15MB of traffic.  

If the logging of packets beyond 10,000 is required - it is possible to specify to record only the first n number of bytes of each packet. Therefore, the maximum packet count (-c) can also be increased.


Was this article helpful?
1 out of 1 found this helpful