IBM Support

Using packet trace tools iptrace, snoop, tcpdump, wireshark, and nettl



Creating, formatting, and reading packet traces is sometimes required to resolve problems with IBM® WebSphere® Edge Server. However, the most appropriate tool varies, depending on operating system.

Resolving The Problem

Available for multiple operating systems
Wireshark is useful and a freely available tool that can read files and capture packets on almost any operating system.

    Using iptrace on AIX®
    You can use any combination of these options, you do not need to use them all:

    -aDo NOT print out arps. Useful with clean up traces.
    -s <source id>Limit trace to source/client IP address, if known.
    -d <destination id>Limit trace to destination IP, if known.
    -bCapture bidirectional traffic (send and responsepackets).
    -p <port>Specify the port to be traced.

    1. Run iptrace on AIX interface en1 to capture port 80 traffic from a single client IP to a server IP:

      iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out

      This trace will capture both directions of the port 80 traffic on interface en1 between the clientip and serverip and send this to the raw file of trace.out.

    2. Reproduce the problem, then run the following:

      ps -ef|grep iptrace
      kill -15 <pid>

    Trace tools like Wireshark can read trace.out files created by iptrace

    exception: it is not possible to collect a packet capture on AIX when using IBM Load Balancer for ipv4 and ipv6

    Using snoop on Solaris™

    -v Include verbose output. Commonly used when dumping to pre-formatted output.
    -oDump in binary format. Output written to a binary file that is readable by Ethereal.

    Example scenario:
    snoop hme0 -v >snoop.out
    snoop -o snoop.out

    These commands capture all traffic on the hme0 interface. Use combinations of snoop options to meet your needs.

    Warning: Using some options, packets may be corrupted by snoop.

    Using tcpdump on Linux®
    tcpdump has many options and a comprehensive man page.

    A simple way to capture all packets to a binary file which is readable with ethereal.

    tcpdump -s 2000 -w filename.out

    For a simple packet trace that is formatted and readable by any text editor.
    This will listen on the default interface for all port 80 traffic.

    tcpdump port 80 >filename.out

    This will watch only the eth1 interface.

    tcpdump -i eth1 >filename.out

    Using Network Monitor with Microsoft® Windows®
    1. Start Network Monitor.
    2. Select the interface to listen on and click start.
    3. Once the traffic needed has been captured, click stop.
    4. Save the resulting file which can be read by Network Monitor or ethereal.

    For additional information, visit the technote, How to capture network traffic with Network Monitor

    Using nettl on HP-UX
    The nettl tool provides control network tracing and logging.

    /usr/sbin/nettl -start
    /usr/sbin/nettl -stop
    /usr/sbin/nettl -firmlog 0|1|2 -card dev_name ...
    /usr/sbin/nettl -log class ... -entity subsystem ...
    /usr/sbin/nettl -status [log |trace |all]
    /usr/sbin/nettl -traceon kind ... -entity subsystem ...
         [-card dev_name ...] [-file tracename] [-m bytes] [-size portsize]
         [-tracemax maxsize] [-n num_files]
    /usr/sbin/nettl -traceoff -entity subsystem ...

    [{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Edge Component","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"8.5.5;8.5;8.0;7.0","Edition":""},{"Product":{"code":"SSEQTJ","label":"IBM HTTP Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Runtime","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Linux pSeries"},{"code":"","label":"Linux Red Hat - pSeries"},{"code":"","label":"Linux zSeries"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.1;6.0;2.0;1.3.28","Edition":""},{"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Component":"Plug-in","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"","label":"Linux pSeries"},{"code":"","label":"Linux Red Hat - pSeries"},{"code":"","label":"Linux zSeries"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"6.1;6.0;5.1","Edition":""}]

    Document Information

    Modified date:
    15 June 2018