Question & Answer
Question
How can you collect SNMP or TCP/IP data for review?
Answer
The main command used for TCP data capture is tcpdump, which is available on all UNIX platforms.
For tcpdump, use the platform's man pages to discover how to use the utility on the specific platform, as options and usage vary. Only general guidance is given here.
tcpdump is a GNU utility that is available for most platforms.
To capture data to or from a host (the host filter matches both directions):
tcpdump -i any -s 0 -w /tmp/tcpdump.probe.host.pcap host <probe host>
To capture data to or from a port:
tcpdump -i any -s 0 -w /tmp/tcpdump.probe.port.pcap port <probe port>
Specific data capture:
To capture data to a destination [PROBE] host:
tcpdump -s 0 -w /tmp/tcpdump_probe.pcap dst host <probe_host>
To capture data from a source [EMS] host:
tcpdump -s 0 -w /tmp/tcpdump_ems.pcap src host <ems_host>
To capture data to a destination [PROBE] host and port (both the host and the port operands are required in the filter):
tcpdump -s 0 -w /tmp/tcpdump_probe_port.pcap dst host <probe_host> and port <probe_port>
To capture data from a source [EMS] host and port:
tcpdump -s 0 -w /tmp/tcpdump_ems_port.pcap src host <ems_host> and port <ems_port>
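The tcpdump filters above, generated by one shell function so that the host-and-port forms are always built with both operands, plus a bidirectional EMS-to-probe filter that the list above does not show. This is an added example, not part of the IBM technote; the direction keywords, function names, host names and file paths are placeholders chosen for the example.

```sh
#!/bin/sh
# Added example (not IBM's code): compose the tcpdump command lines used above.
# Usage: build_capture DIRECTION OUTFILE EMS_HOST PROBE_HOST [PORT]
#   to_probe   traffic destined for the probe host (optionally only PORT)
#   from_ems   traffic sent by the EMS host (optionally only PORT)
#   between    both directions between EMS and probe (optionally only PORT)
build_capture() {
    dir=$1; out=$2; ems=$3; probe=$4; port=${5:-}

    # Reject empty hosts early: a missing operand after "host" makes tcpdump
    # treat the next keyword ("and", "port") as the address and fail to parse.
    [ -n "$ems" ] && [ -n "$probe" ] || {
        echo "build_capture: EMS and probe host are required" >&2; return 1; }

    case $dir in
        to_probe) filter="dst host $probe" ;;
        from_ems) filter="src host $ems" ;;
        between)  filter="host $ems and host $probe" ;;
        *) echo "build_capture: unknown direction '$dir'" >&2; return 1 ;;
    esac

    # Append a port clause only when one was supplied, and only if numeric.
    if [ -n "$port" ]; then
        case $port in
            *[!0-9]*) echo "build_capture: port must be numeric" >&2; return 1 ;;
        esac
        filter="$filter and port $port"
    fi

    # -i any: all interfaces; -s 0: whole packets rather than the short default
    # snaplen of older tcpdump builds; -w: raw pcap that Wireshark can open.
    printf 'tcpdump -i any -s 0 -w %s %s\n' "$out" "$filter"
}

# Run the generated capture for a fixed number of seconds so a forgotten
# capture cannot fill the filesystem. Uses timeout(1) where available.
run_capture() {
    secs=$1; shift
    cmd=$(build_capture "$@") || return 1
    set -- $cmd     # word-split the generated command line into arguments
    if command -v timeout >/dev/null 2>&1; then
        timeout "$secs" "$@"
    else
        "$@" & pid=$!; sleep "$secs"; kill "$pid"   # SIGTERM flushes the pcap
    fi
}
```

For example, `run_capture 120 between /tmp/ems_probe.pcap ems_host probe_host 4100` captures two minutes of traffic in both directions between the EMS and the probe on the probe port; it needs the same privileges as running tcpdump directly.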
Solaris includes the snoop utility. The equivalent captures are:
snoop -s 0 -o /tmp/tcpdump_toprobe.pcap host probe_host
snoop -s 0 -o /tmp/tcpdump_toprobeport.pcap port probe_port
snoop -s 0 -o /tmp/tcpdump_probe.pcap dst probe_host
snoop -s 0 -o /tmp/tcpdump_ems.pcap src ems_host
snoop -s 0 -o /tmp/tcpdump_probe_port.pcap dst probe_host and port probe_port
snoop -s 0 -o /tmp/tcpdump_ems_port.pcap src ems_host and port ems_port
AIX allows TCP/IP dumps using iptrace, which is started and stopped as a subsystem with startsrc and stopsrc:
startsrc -s iptrace -a "-i en0 -p PROBE_PORT /tmp/trace-port.pcap"
stopsrc -s iptrace
startsrc -s iptrace -a "-i en0 -s FROM_HOST -d TO_HOST /tmp/probe-trace.pcap"
stopsrc -s iptrace
startsrc -s iptrace -a "-i en0 -s TO_HOST -d FROM_HOST /tmp/ems-trace.pcap"
stopsrc -s iptrace
Note: Wireshark can be used on Microsoft Windows. Refer to the Wireshark online manuals for usage details.
Use 'ifconfig -a' to check which interface the system uses for specific host names and IP addresses.
Document Information
Modified date: 19 July 2023
UID: swg21569745