
Using packet trace tools iptrace, snoop, tcpdump, wireshark, and nettl


Technote (troubleshooting)


Problem (Abstract)

Creating, formatting, and reading packet traces is sometimes required to resolve problems with IBM® WebSphere® Edge Server. However, the most appropriate tool varies, depending on the operating system.

Resolving the problem

Available for multiple operating systems

Wireshark is a useful, freely available tool that can read trace files and capture packets on almost any operating system.

    Using iptrace on AIX®
    You can use any combination of these options; you do not need to use them all:

    -a Do NOT print out ARP packets. Useful for cleaning up traces.
    -s <source id> Limit trace to source/client IP address, if known.
    -d <destination id> Limit trace to destination IP, if known.
    -b Capture bidirectional traffic (send and response packets).
    -p <port> Specify the port to be traced.

    Example:
    1. Run iptrace on AIX interface en1 to capture port 80 traffic from a single client IP to a server IP:

      iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out

      This trace captures both directions of the port 80 traffic on interface en1 between clientip and serverip and writes it to the raw file trace.out.

    2. Reproduce the problem, then run the following:

      ps -ef|grep iptrace
      kill -15 <pid>

    Trace tools like Wireshark can read trace.out files created by iptrace.

    Using snoop on Solaris™

    -v Include verbose output. Commonly used when dumping to pre-formatted output.
    -o Dump in binary format. Output written to a binary file that is readable by Ethereal.

    Example scenario:
    snoop -d hme0 -v >snoop.out
    snoop -d hme0 -o snoop.out

    These commands capture all traffic on the hme0 interface. Use combinations of snoop options to meet your needs.

    Warning: With some options, snoop may corrupt packets.

    Using tcpdump on Linux®
    tcpdump has many options and a comprehensive man page.

    A simple way to capture all packets to a binary file that is readable with Ethereal:

    Example:
    tcpdump -s 2000 -w filename.out

    For a simple packet trace that is formatted and readable by any text editor, use the following command.
    It listens on the default interface for all port 80 traffic.

    Example:
    tcpdump port 80 >filename.out

    This will watch only the eth1 interface.

    Example:
    tcpdump -i eth1 >filename.out
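
The -s 2000 option in the binary capture above sets the snapshot length, so any packet longer than 2000 bytes on the wire is saved truncated. The following Python script is an added example, not part of the original technote: it reads a classic pcap file such as filename.out and reports the snaplen and how many packets were truncated. The function names and the sample capture are constructed for illustration.

```python
import io
import struct

# Magic numbers of the classic libpcap file format, keyed by the raw first 4 bytes.
_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def summarize_pcap(stream):
    """Return snaplen, packet count and truncation stats for a classic pcap stream."""
    header = stream.read(24)
    if len(header) < 24 or header[:4] not in _MAGICS:
        raise ValueError("not a classic pcap file (pcapng or other format?)")
    endian = _MAGICS[header[:4]]
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", header[4:])
    summary = {"snaplen": snaplen, "linktype": linktype, "packets": 0,
               "truncated": 0, "largest_on_wire": 0, "incomplete_tail": False}
    while True:
        rec = stream.read(16)
        if not rec:
            break
        if len(rec) < 16:
            summary["incomplete_tail"] = True  # capture was cut off mid-record
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        data = stream.read(incl_len)
        if len(data) < incl_len:
            summary["incomplete_tail"] = True  # packet data shorter than its header says
            break
        summary["packets"] += 1
        summary["largest_on_wire"] = max(summary["largest_on_wire"], orig_len)
        if incl_len < orig_len:  # bytes beyond the snaplen were not saved
            summary["truncated"] += 1
    return summary

def build_sample(snaplen=2000):
    """Constructed sample: one 60-byte packet and one 9000-byte packet cut to snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for wire_len in (60, 9000):
        kept = min(wire_len, snaplen)
        out += struct.pack("<IIII", 0, 0, kept, wire_len) + b"\x00" * kept
    return out

if __name__ == "__main__":
    print(summarize_pcap(io.BytesIO(build_sample())))
```

To check a real capture, pass an open binary file, for example summarize_pcap(open("filename.out", "rb")). A nonzero truncated count means the capture should be repeated with a larger -s value if full payloads are needed.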


    Using Network Monitor with Microsoft® Windows®
    1. Start Network Monitor.
    2. Select the interface to listen on and click start.
    3. Once the traffic needed has been captured, click stop.
    4. Save the resulting file, which can be read by Network Monitor or Ethereal.

    For additional information, visit the technote, How to capture network traffic with Network Monitor


    Using nettl on HP-UX
    The nettl tool controls network tracing and logging.

    Scenario:
    /usr/sbin/nettl -start
    /usr/sbin/nettl -stop
    /usr/sbin/nettl -firmlog 0|1|2 -card dev_name ...
    /usr/sbin/nettl -log class ... -entity subsystem ...
    /usr/sbin/nettl -status [log |trace |all]
    /usr/sbin/nettl -traceon kind ... -entity subsystem ...
         [-card dev_name ...] [-file tracename] [-m bytes] [-size portsize]
         [-tracemax maxsize] [-n num_files]
    /usr/sbin/nettl -traceoff -entity subsystem ...

    Cross reference information
    Segment | Product | Component | Platform | Version | Edition
    Application Servers | IBM HTTP Server | Runtime | AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows | 6.1, 6.0, 2.0, 1.3.28 |
    Application Servers | WebSphere Application Server | Plug-in | AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows | 6.1, 6.0, 5.1 |


    Document information

    WebSphere Application Server

    Edge Component


    Software version:
    5.1, 6.0, 6.1, 7.0


    Operating system(s):
    AIX, Linux, Solaris, Windows


    Reference #:
    1175744


    Modified date:
    2010-02-17
