5 replies Latest Post - ‏2013-01-28T16:00:40Z by The_Doctor
The_Doctor

iptrace / tcpdump like tools for SEA...... do they exist ?

‏2013-01-24T03:20:42Z |
Looking to trace packets thru the SEA....

  • starttrace -event 48f
  • stoptrace
  • cattracerpt

provides some info, but the format isn't all that friendly. Haven't come across anything else in my google searches.... but maybe I'm missing something.

Are there any iptrace or tcpdump like tools for the SEA ? Anything that one can feed into Wireshark ?
Updated on 2013-01-28T16:00:40Z at 2013-01-28T16:00:40Z by The_Doctor
  • j.gann

    Re: iptrace / tcpdump like tools for SEA...... do they exist ?

    ‏2013-01-24T17:30:46Z  in response to The_Doctor
    Many switches support port mirroring (called SPAN at Cisco). I find it convenient to have a PC patched to the lab switch during testing or engineering, mirror a SEA phys port to the named snoop port, and run Wireshark right there for both capture and analysis.

    jg
  • seroyer

    Re: iptrace / tcpdump like tools for SEA...... do they exist ?

    ‏2013-01-24T23:11:05Z  in response to The_Doctor
    iptrace and tcpdump are both available on the VIOS when logged in as root. I'm poking on this a bit right now within IBM: there is room for improvement.

    You have to have an "up" interface on the SEA. The interface is not required to have an IP address configured.

    Steve
    • The_Doctor

      Re: iptrace / tcpdump like tools for SEA...... do they exist ?

      ‏2013-01-25T01:27:24Z  in response to seroyer
      Thank you both for your comments.

      Using my config:
      
      en0        Defined               Standard Ethernet Network Interface
      en1        Defined               Standard Ethernet Network Interface
      en2        Defined               Standard Ethernet Network Interface
      en3        Defined               Standard Ethernet Network Interface
      en4        Defined               Standard Ethernet Network Interface
      en5        Defined               Standard Ethernet Network Interface
      en6        Defined               Standard Ethernet Network Interface
      en7        Defined               Standard Ethernet Network Interface
      en8        Available             Standard Ethernet Network Interface  # IP address on VLAN 18
      en9        Defined               Standard Ethernet Network Interface
      ent0       Available             Virtual I/O Ethernet Adapter (l-lan) # IVM Default VLAN 1
      ent1       Available             Virtual I/O Ethernet Adapter (l-lan) # IVM Default VLAN 2
      ent2       Available             Virtual I/O Ethernet Adapter (l-lan) # IVM Default VLAN 3
      ent3       Available             Virtual I/O Ethernet Adapter (l-lan) # IVM Default VLAN 4
      ent4       Available             Logical Host Ethernet Port (lp-hea)
      ent5       Available             Logical Host Ethernet Port (lp-hea)
      ent6       Available             EtherChannel / IEEE 802.3ad Link Aggregation  # NIB mode on ENT4 / ENT5
      ent7       Available             Shared Ethernet Adapter              # bridges ent6 to ent9
      ent8       Available             VLAN                                 # VLAN 18 built on ent7
      ent9       Available             Virtual I/O Ethernet Adapter (l-lan) # VLAN 18 for other LPARs
      

      iptrace / tcpdump on interface en8 doesn't appear to see ALL the packets (which is why I posted the original question)

      BUT if I read you right, if I change the above config to make en7 Available too..... then I can use iptrace / tcpdump on en7 and see ALL the packets. Gave it a try this evening. My test worked well.

      My results - on Power6 Blade running VIO 2.2.2.1:
      • iptrace seems to insist on an IP address for en7.... added a bogus address like 7.7.7.7 on en7 and voila, ALL packets seem to be captured.
      • tcpdump seems ok with or without an IP address on en7. ALL packets seem to be captured in both scenarios.

      We're good. Thx for the ideas, tips, & suggestions.
  • SystemAdmin

    Re: iptrace / tcpdump like tools for SEA...... do they exist ?

    ‏2013-01-25T14:59:03Z  in response to The_Doctor
    I did some work with SEA tracing using simultaneous iptrace and (AIX) trace. I had to get into KDB to find associations between the trace records and the iptrace records. I was able to piece together the iptrace records with the adapter I/O activities and see the switch reflecting packets back to the SEA's real adapter. There is a SEA-specific trace point as well as trace points for the different types of Ethernet adapters. There are several KDB SEA-specific subcommands, but I found the most interesting one (seamac, that might show the forwarding table), segment faulted and IBM just wrote an APAR on it.
    • The_Doctor

      Re: iptrace / tcpdump like tools for SEA...... do they exist ?

      ‏2013-01-28T16:00:40Z  in response to SystemAdmin
      FWIW, following your post I tried the seamac sub-command on 2.2.1.4 & 2.2.2.1 systems I have access to.

      On 2.2.1.4, seamac segment faulted like you already pointed out. On 2.2.2.1, seamac completed ok. The table seems fairly dynamic as one might expect, but here's a sample snapshot with a few comments. This 2.2.2.1 system is IVM running on a Power6 Blade with 2 AIX LPARs.
      
      (0)> seamac
      ---- SEA MAC Table (@0000000110F0A110) ----

      # 0 - 5C:F3:FC:6F:13:A4 REAL
      # 1 - 00:50:56:AD:00:11 REAL
      # 2 - 5C:F3:FC:75:0F:65 REAL
      # 3 - 00:50:56:AD:32:5F REAL
      # 4 - 5C:F3:FC:75:0F:67 REAL
      # 5 - AA:AF:4C:50:6E:04 VIRTUAL   <- one of my AIX LPARs.  AA:AF:4C:50:6E:03 is my other AIX LPAR
      # 6 - 00:26:51:2A:84:D2 REAL      <- default g/w
      # 7 - 00:50:56:A7:20:27 REAL
      # 8 - 00:50:56:A7:00:09 REAL
      # 9 - 00:1E:F6:AE:91:05 REAL
      #10 - E4:1F:13:F6:A5:D0 REAL
      #11 - 5C:F3:FC:75:0D:85 REAL
      #12 - 00:50:56:AD:16:06 REAL
      #13 - 5C:F3:FC:75:0D:87 REAL
      #14 - 00:26:0B:1E:22:22 REAL
      #15 - DE:AD:BE:EF:77:77 REAL      <- an interesting mac addr
      #16 - 34:40:B5:BF:4C:55 REAL
      #17 - 00:26:51:2A:84:F2 REAL
      #18 - 5C:F3:FC:5F:76:E1 REAL
      #19 - 00:26:51:2A:84:DF REAL
      #20 - 00:50:56:AD:00:0F REAL
      ---- SEA VCMAC Table (@0000000110F247D8) ----

      (0)>
      

      I don't recognize mac entries 0-4 & 7-20 on my network (albeit some mac addresses are "close" to some I recognize), so I can only speculate they are some type of "hash" or "expired" entry.

      Anyway, just thought you might be interested.
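
One way to triage a table like the one posted above, as an added example that is not part of the original thread: the Python below parses `seamac` output laid out one entry per line, compares it with an inventory of expected MAC addresses, and reports the unknown entries, noting locally administered addresses learned on the physical (REAL) side. The function names, the inventory and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: a subset of the entries posted above, one per line.
SAMPLE = """\
(0)> seamac
---- SEA MAC Table (@0000000110F0A110) ----
# 0 - 5C:F3:FC:6F:13:A4 REAL
# 5 - AA:AF:4C:50:6E:04 VIRTUAL   <- one of my AIX LPARs
# 6 - 00:26:51:2A:84:D2 REAL      <- default g/w
#15 - DE:AD:BE:EF:77:77 REAL      <- an interesting mac addr
---- SEA VCMAC Table (@0000000110F247D8) ----
"""

# Inventory of MACs the administrator expects to see (assumption: taken
# from the poster's own annotations on entries 5 and 6).
KNOWN = {"AA:AF:4C:50:6E:04", "00:26:51:2A:84:D2"}

ENTRY = re.compile(
    r"#\s*(\d+)\s*-\s*((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+(REAL|VIRTUAL)\b")

def parse_seamac(text):
    """Return [(index, mac, side)] from the 'SEA MAC Table' section only."""
    entries, in_table = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("----"):
            # Section banner: only the MAC table is parsed, not VCMAC.
            in_table = "SEA MAC Table" in line
            continue
        m = ENTRY.match(line) if in_table else None
        if m:  # trailing "<- comment" text after the side is ignored
            entries.append((int(m.group(1)), m.group(2).upper(), m.group(3)))
    return entries

def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks a non-vendor-assigned address."""
    return bool(int(mac[:2], 16) & 0x02)

def review(entries, known):
    """Return (index, mac, side, reason) for every MAC not in the inventory."""
    findings = []
    for idx, mac, side in entries:
        if mac in known:
            continue
        reason = "unknown"
        if side == "REAL" and is_locally_administered(mac):
            reason = "unknown, locally administered address on physical side"
        findings.append((idx, mac, side, reason))
    return findings

if __name__ == "__main__":
    for finding in review(parse_seamac(SAMPLE), KNOWN):
        print(finding)
```

Because the table is dynamic, snapshots taken a few minutes apart and run through the same review show which unknown entries persist and which age out.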