STATISTICS
Purpose
The records are counted by probe ID, device type, interface, interface address, job name, Asid, QOS, TCP port number, UDP port number, connection identifier, group identifier, type identifier, correlator, protocol summary, and session summary.
Format
The following command was used to
obtain the example of this report.
CTRACE COMP(SYSTCPIS) SUB((TCPCS)) SHORT
OPTIONS((OPT STATISTICS(DETAIL)))COMPONENT TRACE SHORT FORMAT
SYSNAME(MVS118)
COMP(SYSTCPIS)SUBNAME((TCPCS))
OPTIONS((OPT STATISTICS(DETAIL)))
DSNAME('IBMUSER.CTRACE1')
OPTIONS((Both Bootp(67,68) Cleanup(500) DelayAck(200,200) Domain(53)
Finger(79) Flags() Ftp(20,21) Gain(125,250) Gopher(70) Limit(999999999)
Gmt Ntp(123) Option Noreassembly Router(520) Rpc(111) Segment Smtp(25)
Snmp(161,162) Speed(10,10) Statistics(Detail) Telnet(23) Tftp(69) Time(37)
Userexit() Www(80)
))
**** 2002/11/20
===============================================================================
1 SYSTCPIS Trace Statistics
2,623 ctrace records processed
0 segmented trace records read
0 segmented trace records were lost
2,623 trace records read
0 records could not be validated
2,623 records passed filtering
2,623 packet trace records processed
0 data trace records processed
===============================================================================
2 Probe Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Probe
1526 1526 67144 0 0 4893 2002/11/20 17:56:00 7143 2002/11/20 18:09:17 03010021
1 1 40 0 0 5652 2002/11/20 17:57:36 5652 2002/11/20 17:57:36 03010028
859 859 34360 0 0 4553 2002/11/20 17:38:46 6376 2002/11/20 18:06:04 03020020
6 6 724 0 0 4521 2002/11/20 17:38:32 5654 2002/11/20
.
.
.
2623 2623 112084 0 0 Total
9 Probe(s) found
3 Device Type Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Device Type
966 966 39300 0 0 4521 2002/11/20 17:38:32 6376 2002/11/20 18:06:04 1(LCS Ethernet)
966 966 39300 0 0 Total
1 Device Type(s) found
4 Interface Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Interface
966 966 39300 0 0 4521 2002/11/20 17:38:32 6376 2002/11/20 18:06:04 ETH1
1657 1657 72784 0 0 4522 2002/11/20 17:38:45 7143 2002/11/20 18:09:17 UNKNOWN
2623 2623 112084 0 0 Total
2 Interface(s) found
5 Interface Address Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Interface
966 966 39300 0 0 4521 2002/11/20 17:38:32 6376 2002/11/20 18:06:04 ETH1
Addr: 9.42.104.38
1557 1557 68384 0 0 4522 2002/11/20 17:38:45 7143 2002/11/20 18:09:17 UNKNOWN
Addr: 9.42.104.38
.
.
.
2623 2623 112084 0 0 Total
64 Interface Address(s) found
6 JobName Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss JobName
2610 2610 110984 0 0 4522 2002/11/20 17:38:45 7143 2002/11/20 18:09:17 FTPD1
1 1 40 0 0 4587 2002/11/20 17:39:14 4587 2002/11/20 17:39:14 INETDCS1
1 1 144 0 0 4591 2002/11/20 17:39:16 4591 2002/11/20 17:39:16 INETDCS3
8 8 416 0 0 4521 2002/11/20 17:38:32 5892 2002/11/20 18:00:07 TCPCS
1 1 123 0 0 4623 2002/11/20 17:40:48 4623 2002/11/20 17:40:48 TRMD
2 2 377 0 0 5653 2002/11/20 17:57:37 5654 2002/11/20 17:57:37 USER17
2623 2623 112084 0 0 Total
6 JobName(s) found
7 Asid Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Asid
2623 2623 112084 0 0 4521 2002/11/20 17:38:32 7143 2002/11/20 18:09:17 01F7
2623 2623 112084 0 0 Total
1 Asid(s) found
8 Protocol Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Protocol
12 12 656 0 0 4521 2002/11/20 17:38:32 5892 2002/11/20 18:00:07 1(ICMP)
2607 2607 110784 0 0 4522 2002/11/20 17:38:45 7143 2002/11/20 18:09:17 6(TCP)
4 4 644 0 0 4591 2002/11/20 17:39:16 5654 2002/11/20 17:57:37 17(UDP)
2623 2623 112084 0 0 Total $
3 Protocol(s) found
9 IP Address Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss
11 11 484 0 0 6430 2002/11/20 18:09:02 7088 2002/11/20 18:09:16
Addr: 9.0.12.8
1 1 40 0 0 4537 2002/11/20 17:38:45 4537 2002/11/20 17:38:45
Addr: 9.0.12.225
1 1 56 0 0 5866 2002/11/20 18:00:06 5866 2002/11/20 18:00:06
Addr: 9.0.32.254
.
.
.
5246 5246 224168 0 0 Total
518 IP Address(s) found
10 Qos Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Qos
7 7 392 0 0 5830 2002/11/20 18:00:06 5892 2002/11/20 18:00:07 6(Internetwork)
7 7 392 0 0 Total
1 Qos(s) found
11 Tcp Port Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Tcp Port
2605 2605 110704 0 0 4522 2002/11/20 17:38:45 7143 2002/11/20 18:09:17 21(ftp)
1 1 40 0 0 4743 2002/11/20 17:45:56 4743 2002/11/20 17:45:56 73(netrjs-3)
1 1 40 0 0 5922 2002/11/20 18:00:10 5922 2002/11/20 18:00:10 74(netrjs-4)
.
.
.
5214 5214 221568 0 0 Total
1742 Tcp Port(s) found
12 Udp Port Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Udp Port
4 4 644 0 0 4591 2002/11/20 17:39:16 5654 2002/11/20 17:57:37 53(domain)
1 1 144 0 0 4591 2002/11/20 17:39:16 4591 2002/11/20 17:39:16 1032()
1 1 123 0 0 4623 2002/11/20 17:40:48 4623 2002/11/20 17:40:48 1033()
1 1 144 0 0 5653 2002/11/20 17:57:37 5653 2002/11/20 17:57:37 1034()
1 1 233 0 0 5654 2002/11/20 17:57:37 5654 2002/11/20 17:57:37 1035()
8 8 1288 0 0 Total
5 Udp Port(s) found
13 CID Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss CID
220 220 9200 0 0 4522 2002/11/20 17:38:45 5919 2002/11/20 18:00:07 00000020
1 1 40 0 0 4553 2002/11/20 17:38:46 4553 2002/11/20 17:38:46 00000067
1 1 40 0 0 4554 2002/11/20 17:38:46 4554 2002/11/20 17:38:46 00000096
.
.
.
2615 2615 111668 0 0 Total
2396 CID(s) found
14 Group Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Group
2423 2423 103508 0 0 4521 2002/11/20 17:38:32 7143 2002/11/20 18:09:17 3(SCAN)
200 200 8576 0 0 5671 2002/11/20 17:59:32 5919 2002/11/20 18:00:07 4(ATTACK)
2623 2623 112084 0 0 Total
2 Group(s) found
15 Type Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Type
1527 1527 67184 0 0 4893 2002/11/20 17:56:00 7143 2002/11/20 18:09:17 0301(VSSCAN)
859 859 34360 0 0 4553 2002/11/20 17:38:46 6376 2002/11/20 18:06:04 0302(PSSCAN)
37 37 1964 0 0 4521 2002/11/20 17:38:32 5654 2002/11/20 17:57:37 0303(NORMSCAN)
200 200 8576 0 0 5671 2002/11/20 17:59:32 5919 2002/11/20 18:00:07 0407(FLOOD)
2623 2623 112084 0 0 Total
4 Type(s) found
16 Correlator Report
Total Input Data Output Data First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Correlator
4 4 644 0 0 4591 2002/11/20 17:39:16 5654 2002/11/20 17:57:37 2
1 1 40 0 0 4521 2002/11/20 17:38:32 4521 2002/11/20 17:38:32 10
1 1 40 0 0 4522 2002/11/20 17:38:45 4522 2002/11/20 17:38:45 11
.
.
.
2623 2623 112084 0 0 Total
467 Correlator(s) found
17 Protocol Summary Report
Input Output Total
Protocol Packets Bytes Packets Bytes Packets Bytes
Tcp 2607 110784 0 0 2607 110784
Udp 4 644 0 0 4 644
Icmp 12 656 0 0 12 656
Other 0 0 0 0 0 0
18 Session Summary Report
Input Output First yyyy/mm/dd hh.mm.ss Last yyyy/mm/dd hh.mm.ss Protocol
1 0 5738 2002/11/20 17:59:34 5738 2002/11/20 17:59:34 TCP Lcl: 9.4.81.167-27970
Rmt: 9.42.104.38-21
1 0 5710 2002/11/20 17:59:33 5710 2002/11/20 17:59:33 TCP Lcl: 9.5.101.147-47426
Rmt: 9.42.104.38-21
1 0 5748 2002/11/20 17:59:34 5748 2002/11/20 17:59:34 TCP Lcl: 9.6.159.21-30530
Rmt: 9.42.104.38-21
.
.
.
2618 session(s) found
2623 records processed for this report
Recording ended at 2002/11/20 18:09:17.543000
Recording started at 2002/11/20 17:38:32.175560
The duration was 00:30:45.367440
1 records with ABBREV=200
2622 records with FULL=144
233 is the maximum packet data length
655360 bytes of storage used to create this report
7841 requests for 652704 bytes of storage were madeThe following describes numbered areas of the example.
- 1
- The standard statistics shown with all executions of the SYSTCPIS
packet trace formatter.
- 2,623 ctrace records processed
- The total number of CTRACE records given to the SYSTCPIS packet trace formatted.
- 0 segmented trace records read
- The total number of packets that spanned multiple CTRACE records.
- 0 segmented trace records were lost
- The total number of packets records that could not be put back together.
- 2,623 trace records read
- The total number of complete trace records.
- 0 records could not be validated
- The number of incomplete CTRACE records that could not be used.
- 2,623 records passed filtering
- The number of records that were successfully formatted.
- 2,623 packet trace records processed
- The number of records that were packet trace records.
- 0 data trace records processed
- The number of records that were data trace records.
- 2
- Probe report, which is the total by ProbeID.
- 3
- Device type report, which is the totals by device type.
- 4
- Interface report, which is the totals by interface.
- 5
- Interface address report, which is the totals interface address.
- 6
- Jobname report, which is the totals by jobname.
- 7
- ASID report, which is the totals address space identifier.
- 8
- Protocol report, which is the totals by protocol.
- 9
- IP address report, which is the totals by IP address. Both the destination and source IP addresses are counted, except when they are the same in a record.
- 10
- QOS report, which is the totals by QOS.
- 11
- TCP port report, which is the totals by TCP port number. Both the destination and source port numbers are counted, except when they are the same in a record.
- 12
- UDP port report, which is the totals by UPD port number. Both the destination and source port numbers are counted, except when they are the same in a record.
- 13
- CID report, which is the totals by connection identifier.
- 14
- Group report, which is the totals by group, first byte PROBEID.
- 15
- Type report, which is the totals by type, first two bytes of PROBEID.
- 16
- Correlator report, which is the totals by correlator.
- 17
- Protocol summary report, which is the summary based on protocol.
- 18
- Session summary report, which is the summary based on session.