IBM Support

Collecting a communications trace in Linux

How To


Summary

This document describes how to gather a communications trace on a Linux system using tcpdump.

Objective

Analyze communication between a Linux client and an IBM i server.

Steps

✅ Steps to Gather a Communication Trace on Linux

1. Ensure Required Tools Are Installed

  • Most Linux distributions include tcpdump by default. If it is missing, install it on Debian/Ubuntu:
sudo apt-get update && sudo apt-get install tcpdump
  • Or for RHEL/CentOS:
sudo yum install tcpdump

2. Verify Permissions

  • Capturing packets requires root privileges.
  • If you run tcpdump without sudo, it will fail silently or wait for authentication.
  • Tip: Always prefix with sudo or run in a root shell.

3. Identify the Network Interface

  • List interfaces: 
ip link show
  • Common names: eth0, ens33, enp0s3, etc.
  • Use the correct interface in your command.

4. Run tcpdump

Basic syntax:

sudo tcpdump -i <interface> host <targetIP> -w <outputfile>.pcap

Example:

sudo tcpdump -i eth0 host 192.168.1.10 -w comm_trace.pcap

Notes:

  • -i eth0 → capture on eth0.
  • host 192.168.1.10 → filter traffic to/from that IP.
  • -w comm_trace.pcap → write raw packets to a file.

5. Run in Background (Optional)

If you want to keep working while capturing:

sudo tcpdump -i eth0 host 192.168.1.10 -w comm_trace.pcap &

Important: If you background it, make sure sudo doesn’t hang waiting for a password.

Solution: Run sudo once interactively before backgrounding, or use sudo -S with a password manager.


6. Stop Capture

  • To stop (this ends every running tcpdump process on the system, not only this capture):
sudo killall tcpdump
  • Or bring the job to foreground and press Ctrl+C.

7. Verify the File

  • Check size:
ls -lh comm_trace.pcap
  • Inspect contents: 
tcpdump -r comm_trace.pcap | head
  • Or use Wireshark GUI or tshark:
tshark -r comm_trace.pcap

8. Optional Filters

  • Capture only TCP:
sudo tcpdump -i eth0 tcp and host 192.168.1.10 -w trace.pcap
  • Capture specific port:
sudo tcpdump -i eth0 port 445 -w smb_trace.pcap
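
The steps above combined into one script, as an added example that is not part of the original IBM document: it checks the interface, authenticates sudo before backgrounding, stops only the capture it started, and checks the file's magic bytes. The function names, the SYSFS_NET variable and the optional seconds argument are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: helpers for steps 2-7. Function names are hypothetical.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"   # overridable so the check is testable

# Step 3: succeed only if the interface exists and is not reported as down.
iface_usable() {
    case "$1" in ''|*/*|.|..) return 1 ;; esac   # reject anything that is not a plain name
    [ -r "$SYSFS_NET/$1/operstate" ] || return 1
    [ "$(cat "$SYSFS_NET/$1/operstate")" != "down" ]
}

# Step 7: classify a capture file by its first four bytes.
capture_format() {
    local magic
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;      # classic pcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) echo pcap-ns ;;   # classic pcap, nanosecond timestamps
        0a0d0d0a)          echo pcapng ;;
        *)                 echo invalid; return 1 ;;   # empty, truncated or not a capture
    esac
}

# Steps 2 and 4-7: capture for a fixed time, stop only this capture, verify the file.
run_capture() {   # run_capture <interface> <targetIP> <outputfile> [seconds]
    local iface="$1" host="$2" out="$3" secs="${4:-30}" pid
    iface_usable "$iface" || { echo "interface '$iface' missing or down" >&2; return 1; }
    sudo -v || return 1      # authenticate now, before anything is backgrounded
    sudo -n tcpdump -i "$iface" host "$host" -w "$out" &   # -n: fail instead of prompting
    pid=$!                   # PID of the sudo process, which relays SIGTERM to tcpdump
    sleep "$secs"
    sudo -n kill "$pid" 2>/dev/null || true   # unlike killall, other captures keep running
    wait "$pid" || true
    capture_format "$out" >/dev/null || { echo "'$out' is not a valid capture" >&2; return 1; }
    echo "wrote $out"
}

# Runs only when called with arguments, e.g.: ./capture.sh eth0 192.168.1.10 comm_trace.pcap
if [ "$#" -ge 3 ]; then run_capture "$@"; fi
```
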

Additional Information

✅ Common Pitfalls

  • No file generated? Usually because sudo was waiting for a password in the background.
  • Permission denied? Ensure you run as root or with sudo.
  • Interface down? Verify with ip link show and use the correct interface.

Document Location

Worldwide


Document Information

Modified date:
10 December 2025

UID

ibm17254322