Using packet trace tools iptrace, snoop, tcpdump, wireshark, and nettl
Creating, formatting, and reading packet traces is sometimes required to resolve problems with IBM® WebSphere® Edge Server. However, the most appropriate tool varies, depending on operating system.
Resolving the problem
Available for multiple operating systems
Wireshark is useful and a freely available tool that can read files and capture packets on almost any operating system.
You can use any combination of these options, you do not need to use them all:
|-a||Do NOT print out arps. Useful with clean up traces.|
|-s <source id>||Limit trace to source/client IP address, if known.|
|-d <destination id>||Limit trace to destination IP, if known.|
|-b||Capture bidirectional traffic (send and responsepackets).|
|-p <port>||Specify the port to be traced.|
- Run iptrace on AIX interface en1 to capture port 80 traffic from a single client IP to a server IP:
iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out
This trace will capture both directions of the port 80 traffic on interface en1 between the clientip and serverip and send this to the raw file of trace.out.
- Reproduce the problem, then run the following:
ps -ef|grep iptrace
kill -15 <pid>
Trace tools like Wireshark can read trace.out files created by iptrace
exception: it is not possible to collect a packet capture on AIX when using IBM Load Balancer for ipv4 and ipv6
Using snoop on Solaris™
|-v||Include verbose output. Commonly used when dumping to pre-formatted output.|
|-o||Dump in binary format. Output written to a binary file that is readable by Ethereal.|
snoop hme0 -v >snoop.out
snoop -o snoop.out
These commands capture all traffic on the hme0 interface. Use combinations of snoop options to meet your needs.
Warning: Using some options, packets may be corrupted by snoop.
Using tcpdump on Linux®
tcpdump has many options and a comprehensive man page.
A simple way to capture all packets to a binary file which is readable with ethereal.
tcpdump -s 2000 -w filename.out
For a simple packet trace that is formatted and readable by any text editor.
This will listen on the default interface for all port 80 traffic.
tcpdump port 80 >filename.out
This will watch only the eth1 interface.
tcpdump -i eth1 >filename.out
Using Network Monitor with Microsoft® Windows®
- Start Network Monitor.
- Select the interface to listen on and click start.
- Once the traffic needed has been captured, click stop.
- Save the resulting file which can be read by Network Monitor or ethereal.
For additional information, visit the technote, How to capture network traffic with Network Monitor
Using nettl on HP-UX
The nettl tool provides control network tracing and logging.
/usr/sbin/nettl -firmlog 0|1|2 -card dev_name ...
/usr/sbin/nettl -log class ... -entity subsystem ...
/usr/sbin/nettl -status [log |trace |all]
/usr/sbin/nettl -traceon kind ... -entity subsystem ...
[-card dev_name ...] [-file tracename] [-m bytes] [-size portsize]
[-tracemax maxsize] [-n num_files]
/usr/sbin/nettl -traceoff -entity subsystem ...
|Application Servers||IBM HTTP Server||Runtime||AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows||6.1, 6.0, 2.0, 1.3.28|
|Application Servers||WebSphere Application Server||Plug-in||AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows||6.1, 6.0, 5.1|
More support for:
WebSphere Application Server
Software version: 6.0, 6.1, 7.0, 8.0, 8.5, 8.5.5
Operating system(s): AIX, Linux, Solaris, Windows
Reference #: 1175744
Modified date: 17 February 2010