z/OS Communications Server: IP Diagnosis Guide
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Formatting data traces using IPCS

z/OS Communications Server: IP Diagnosis Guide
GC27-3652-02

Data trace records are written to the same CTRACE component as packet trace records (SYSTCPDA). Thus, all the IPCS formatting features for packet trace are also available for data trace. You can use the ENTIDLIST parameter to isolate data trace records and packet trace records from each other. For an example of data trace records formatted by the FORMAT option, see the sample below. For a full description of the FORMAT option and information about other options that can be used to format data trace records, see Formatting packet traces using IPCS.

SYSTCPDA can create two types of records:
Common data trace records
SYSTCPDA creates common data trace records for every data exchange between the two endpoints of a session.
Start and End records
For TCP and UDP sockets, SYSTCPDA creates start and end records to delineate the logical boundaries of a session1. The start and end records are created for the following socket processing:
  • Initial socket read or write
  • Close of a socket
The main difference between the two types of records is the absence of actual data in start and end records. Common data trace records have a field called Data, which contain payload data that is transmitted between the two endpoints. Start and end records also contain a field called State, which indicates whether the record represents the start or end of the session.
Figure 1 is an example of the FORMAT option output, which shows a set of records for a socket, including the start data trace record, a common data trace record, and the end data trace record.
Figure 1. FORMAT option output
 63 MVS182   DATA     00000005 13:18:52.705250 Data Trace
 1 To Jobname        : USER12                                    Full=0
 2  Tod Clock        : 2009/06/22 13:18:52.705248                Cid: 00000058
 3  Domain           : AF_Inet          Type: Stream             Protocol: TCP       
 4  State            : API Data Flow Starts                                          
    Segment #        : 0                Flags:  Out                                   
 5  Source           : 10.81.2.5                                                       
 6  Destination      : 10.81.2.1                                                     
    Source Port      : 0           Dest Port: 2000  Asid: 0041 TCB: 006FF1D8   

------------------------------------------------------------------------------- 
   64 MVS182   DATA     00000005 13:18:52.705252 Data Trace
 To Jobname     : USER12                                    Full=39
  Tod Clock     : 2009/06/22 13:18:52.705252                Cid: 00000058
  Domain        : AF_Inet          Type: Stream             Protocol: TCP
  Segment #     : 0                Flags: Adj Out
  Source        : 10.81.2.5
  Destination   : 10.81.2.1
  Source Port   : 2000             Dest Port: 0     Asid: 0041 TCB: 006FF1D8

 7  Data            : 39     Data Length: 39                  Offset: 0
  000000 E3D5E3D6 F0F0F0F5 40C9D7A5 F440E4C4 D740F1A2 A340E6D9 C9E3C540 C6D9D6D4
  000020 40

-------------------------------------------------------------------------------
   63 MVS182   DATA     00000005 13:18:52.705250 Data Trace
 To Jobname     : USER12                                    Full=0
  Tod Clock     : 2009/06/22 13:18:52.705254                Cid: 00000058
  Domain        : AF_Inet          Type: Stream             Protocol: TCP
  State         : API Data Flow Ends
  Segment #     : 0                Flags: None
  Source        : 10.81.2.5
  Destination   : 10.81.2.1
  Source Port   : 0           Dest Port: 2000 Asid: 0041 TCB: 006FF1D8
 1 jobname
Provides the name of the job that performed the socket read or write operation.
Full or Abbrev
Indicates whether the whole packet was traced and provides the length of the traced data.
  • The value Full = x indicates that the whole packet was traced.
  • The value Abbrev = x indicates that a truncated portion of the packet was traced.
 2 Tod Clock
Provides the timestamp of the time when the read or write operation took place.
Cid: xxxxxxxx
Provides the connection id that uniquely identifies the session between the two endpoints. As shown in the example, the Cid is the same for the three records.
 3 Domain
Indicates whether this is IPv4 (AF_Inet) or IPv6 (AF_Inet6).
Type and Protocol
Provide the type of traffic (e.g. Stream, Datagram, Raw) and protocol used.
 4 State
This field is only displayed for a start or end record and indicates whether this is a start or an end record.
 5 Source and Destination
Provide the source and destination IP addresses of the two end points. For TCP sockets, these values are always provided. For UDP sockets, these values are provided only when a connect or bind function was executed against the socket.
 6 Source Port and Dest Port
Provide the port numbers of the source and destination addresses.
Asid and TCB
Provide the address space id and TCB address.
 7 Data
Provides the length of the payload data and is followed by a hexadecimal display of the actual payload data.
Parent topic: Data trace (SYSTCPDA) for TCP/IP stacks
1 The term session here should be read as a logical connection between two endpoints, independent of the protocol used (which can be TCP or UDP).

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014