Setting up a HiperSockets network traffic analyzer
A HiperSockets network traffic analyzer (NTA) runs in an LPAR and monitors LAN traffic between LPARs.
Before you begin
- Your Linux® instance must run in LPAR mode.
- On the SE, the LPARs must be authorized for analyzing and being
analyzed. Tip: SE authorization changes for the HiperSockets network traffic analyzer require re-creating the device by ungrouping and regrouping (see Removing a qeth group device and Creating a qeth group device). Do any authorization changes before you configure the NTA device.
- You need a traffic-dumping tool such as tcpdump.
About this task
HiperSockets NTA is available to trace both layer 3 and layer 2 network traffic, but the analyzing device itself must be configured as a layer 3 device. The analyzing device is a dedicated NTA device and cannot be used as a regular network interface.
Linux setup:
Ensure that the qeth device driver module was loaded.
Procedure
Perform the following steps:
Results
The device is now set up as a HiperSockets network traffic analyzer.
Hint: A HiperSockets network traffic analyzer
with no free empty inbound buffers might have to drop packets. Dropped
packets are reflected in the "dropped counter" of the HiperSockets network traffic analyzer
interface and reported by tcpdump.
Example:
# ip -s link show dev enca1c0
...
RX: bytes packets errors dropped overrun mcast
223242 6789 0 5 0 176
...
# tcpdump -i enca1c0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enca1c0, link-type EN10MB (Ethernet), capture size 96 bytes
...
5 packets dropped by kernel