Use the PKTTRACE statement to control the packet tracing facility in TCP/IP. You can use this statement to select IP packets as candidates for tracing and subsequent analysis.
Restriction: An IP packet must meet all the conditions specified on the statement for it to be traced.
The PKTTRACE statement consists of two parts. The first part defines to TCP/IP the network interfaces that are to be traced and characteristics of how they are to be traced. The second part turns packet tracing ON or OFF or CLEARs packet trace settings for the interfaces specified on prior PKTTRACE statements or for a single interface if the LINKName/INTFName parameter is used.
Packet traces are recorded externally using the TRACE command CTRACE writer instead of GTF. See z/OS Communications Server: IP Diagnosis Guide for information about the steps required to perform an IP packet trace.
Tip: Specify the parameters for this statement in any order.
.-----------------------------------------. V | >>-PKTTRACE----+-------------------------------------+-+------->< | .-DESTport--=--*----------------. | +-+-------------------------------+---+ | '-DESTport--=--destination_port-' | | .-DISCard=NONE--------. | +-+---------------------+-------------+ | +-DISCard=*-----------+ | | +-DISCard=ALL---------+ | | '-DISCard=reason_code-' | | .-FULL-------------------------. | +-+------------------------------+----+ | | .-=--200-. | | | '-+-ABBREV--+--------+-------+-' | | '-ABBREV--=--abbrev_length-' | | .-INTFName--=--*--------------. | +-+-----------------------------+-----+ | '-INTFName--=--interface_name-' | | .-IPaddr--=--*--------------------. | +-+---------------------------------+-+ | '-IPaddr--=--+-| IPv4_address |-+-' | | '-| IPv6_address |-' | | .-LINKName--=--*--------------. | +-+-----------------------------+-----+ | '-LINKName--=--tcpip_linkname-' | +-+-ON----+---------------------------+ | +-OFF---+ | | '-CLEAR-' | | .-PORTNum--=--*-----------. | +-+-------------------------+---------+ | '-PORTNum--=--port_number-' | | .-PROT--=--*---------------. | +-+--------------------------+--------+ | +-PROT--=--TCP-------------+ | | +-PROT--=--UDP-------------+ | | +-PROT--=--ICMP------------+ | | +-PROT--=--ICMPv6----------+ | | '-PROT--=--protocol_number-' | | .-SRCPort--=--*-----------. | '-+-------------------------+---------' '-SRCPort--=--source_port-' IPv4_address .-SUBNet=255.255.255.255-. |--+-ipv4_address--+------------------------+-+-----------------| +-ipv4_address--_SUBNet=--subnet_mask------+ '-ipv4_address/num_mask_bits---------------' IPv6_address |--+-ipv6_address--------------+--------------------------------| '-ipv6_address/prefixLength-'
The protocol headers are always included, even if they exceed the ABBREV value.
IPSec Encapsulating Security Payload (ESP) packets cannot be traced by using the port number because the TCP or UDP headers are encrypted.
PKTTRACE ON,DISCARD=4138,PORTNUM=20
To facilitate defining packet tracing when many interfaces are involved, use the PKTTRACE statement with the LINKNAME=* or INTFNAME=* option to define packet tracing characteristics for the majority of the interfaces. Then use individual PKTTRACE statements with specific LINKNAME or INTFNAME parameters for each interface that must be defined differently from the majority or interfaces.
The PKTTRACE statement must appear after a valid LINK or INTERFACE statement for the link or interface in the PROFILE.TCPIP data set.
If LINKNAME=* or INTFNAME=* and all other parameters are defaults, all trace structures are deactivated and removed from all existing IPv4 and IPv6 interfaces.
If LINKNAME=* or INTFNAME=* and PROT=UDP, all trace structures for all resources are analyzed; any matches are removed. If no trace structures remain, trace is deactivated for that resource.
If LINKNAME=link_name or INTFNAME=interface_name and there are no other parameters, all trace structures for link_name/interface_name are deactivated and removed.
If LINKNAME=link_name and IP=127.0.0.1, or INTFNAME=interface_name and IP=::1, then that particular trace structure is removed if it is found. If there is only one trace structure, then that structure is removed and trace is deactivated for that resource.
If you use LINKNAME=* or INTFNAME=* and all other parameters are defaults, even if the defaults are specified, the command results replace any existing trace structures for all existing IPv4 and IPv6 interfaces.
If you use LINKNAME=link_name or INTFNAME=interface_name and another nondefault parameter, the command results are added to any existing trace structures. However, if the existing trace structure for link_name/interface_name is all defaults, the existing trace structures are discarded.
Guideline: SRCPORT and DESTPORT parameters should not be specified on the same PKTTRACE statement as the PORTNUM parameter. When the PORTNUM parameter is specified after DESTPORT or SRCPORT parameters, the DESTPORT and SRCPORT parameters are ignored.
Restriction: IPSec Encapsulating Security Payload (ESP) packets cannot be traced by port number because the TCP or UDP headers are encrypted.
IPSec Encapsulating Security Payload (ESP) packets cannot be traced by port number because the TCP or UDP headers are encrypted.
PKTTRACE ON,LINKNAME=*
LINK ...
DEVICE ...
In this example, the trace is done only for
the LOOPBACK interface.For more information about changing PKTTRACE parameters, see the descriptions for the ON and OFF parameters for PKTTRACE statement.
You can also modify existing PKTTRACE settings by using the VARY TCPIP,,PKTTRACE command. See z/OS Communications Server: IP System Administrator's Commands for more information.
PKTTRACE ON,DESTport=21
PKTTRACE ON,SRCport=21
The two commands capture all the packets received and all the packets sent for a particular port. If other options are specified, then they should be the same on both commands.
Use the Netstat DEvlinks/-d command to display the results. An IP packet is traced according to the first trace structure that the packet matches.
The following sample includes several examples of the PKTTRACE statement:
; CTC Device and Link
DEVICE CTC1 CTC D00
LINK CTCD00 CTC 1 CTC1
;
; CTC Device and Link
DEVICE CTC2 CTC D02
LINK CTCD02 CTC 1 CTC2
;
; CTC Device and Link
DEVICE CTC3 CTC D04
LINK CTCD04 CTC 1 CTC3
;
; LCS Device and Links
DEVICE LCS1 LCS 100
LINK TR1 IBMTR 1 LCS1
LINK LCSC00 ETHERNET 2 LCS1
LINK LCSF00 FDDI 3 LCS1
;
DEVICE LCS2 LCS 102
LINK LCS802 802.3 1 LCS2
;
DEVICE LCS3 LCS 104
LINK LCSE802 ETHEROR802.3 1 LCS3
;
; start pkttrace
PKTTRACE ON LINKNAME=*
;
; set defaults for all links not specified below
PKTTRACE
; set for CTCD00
PKTTRACE FULL LINKNAME=CTCD00 PROT=* IP=* SRCPORT=* DESTPORT=*
; set for CTCD02
PKTTRACE ABBREV LINKNAME=CTCD02 PROT=TCP IP=9.67.116.124
SRCPORT=5000 DESTPORT=161
; set for CTCD04
PKTTRACE ABBREV=1 LINKNAME=CTCD04 PROT=UDP IP=9.67.116.124
SUBNET=255.255.255.255 SRCPORT=161 DESTPORT=5000
; set for TR1
PKTTRACE ABBREV=200 LINKNAME=TR1 PROT=ICMP IP=*
SRCPORT=5000 DESTPORT=161
; set for LCSC00
PKTTRACE ABBREV=65535 LINKNAME=LCSC00 PROT=1 IP=9.67.116.124
SUBNET=255.255.255.255 SRCPORT=* DESTPORT=*
; set for LCSF00 not to trace
PKTTRACE OFF LINKNAME=LCSF00