The BIG-IP has two distinct planes:
Management-plane→ handled entirely by the management interface (MGMT)
Data-plane (TMM)→ handles Self IPs, VLAN interfaces, and traffic processing
To capture traffic on the management interface, only the management-side NICs may be used:
mgmt→ Logical name for the management interface
eth0→ Physical Linux interface mapped to the management port on most BIG-IP platforms
Both of these correctly capture inbound/outbound WebUI (HTTPS/443) traffic on the management port.
Why the correct answers are A and B
A. tcpdump -i eth0 -n port 443
On BIG-IP appliances and VMs, the management port maps toeth0at the Linux OS level.
Capturing on eth0 correctly shows HTTPS traffic to the WebUI.
B. tcpdump -i mgmt -n port 443
mgmtis the BIG-IP alias for the management interface.
This is thepreferredand most explicit capture interface for management-plane packet captures.
Why the other options are incorrect:
C. tcpdump -i 0.0
Interface0.0is the TMM switch interface used for data-plane packet captures.
Itdoes NOTcapture management-plane traffic.
D. tcpdump -i tun0
Used for tunnel interfaces (IPsec, VXLAN, etc.)
Not related to management access.
E. tcpdump -i management
There isnointerface named management on BIG-IP.
The correct names are mgmt or eth0.
