Problem (Abstract)
Creating, formatting, and reading packet traces is sometimes required to
resolve problems with IBM® WebSphere® Edge Server. However, the most
appropriate tool varies depending on the operating system.

Resolving the problem
Available for multiple operating systems
Wireshark is a useful, freely available tool that can read files and
capture packets on almost any operating system.

Using iptrace on AIX®
You can use any combination of these options; you do not need to use them
all:
-a | Do NOT print out ARPs. Useful for cleaning up traces.
-s <source id> | Limit trace to source/client IP address, if known.
-d <destination id> | Limit trace to destination IP, if known.
-b | Capture bidirectional traffic (send and response packets).
-p <port> | Specify the port to be traced.
Example:
- Run iptrace on AIX interface en1 to capture port 80 traffic
from a single client IP to a server IP:
iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out
This trace captures both directions of the port 80 traffic on
interface en1 between clientip and serverip and writes it to the raw
file trace.out.
- Reproduce the problem, then run the following:
ps -ef | grep iptrace
kill -15 <pid>
ipreport -n trace.out > trace.fmt
The -n option simply numbers the packets.
Trace tools like Ethereal (the former name of Wireshark) can read both
the raw trace.out file and the formatted trace.fmt files.

Using snoop on Solaris™
-v | Include verbose output. Commonly used when dumping to pre-formatted output.
-o | Dump in binary format. Output is written to a binary file that is readable by Ethereal.
Example scenario:
snoop -d hme0 -v >snoop.out
snoop -d hme0 -o snoop.out
These commands capture all traffic on the hme0 interface (-d selects the
interface). Use combinations of snoop options to meet your needs.
Warning: With some options, snoop may corrupt packets.

Using tcpdump on Linux®
tcpdump has many options and a comprehensive man page.
A simple way to capture all packets to a binary file that is readable
with Ethereal:
Example:
tcpdump -s 2000 -w filename.out
For a simple packet trace that is formatted and readable by any text
editor, redirect the output to a file. This listens on the default
interface for all port 80 traffic.
Example:
tcpdump port 80 >filename.out
This watches only the eth1 interface.
Example:
tcpdump -i eth1 >filename.out
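
Added example (not part of the original technote): the -s 2000 option in the tcpdump command above limits how many bytes of each packet are written to the file, so a trace can be missing payload bytes without any error. This Python code reads a file written with -w and reports which packets were cut short; it assumes the classic libpcap file format (not pcapng), and audit_capture, _record and SAMPLE are names made up for this example, with SAMPLE being constructed bytes.

```python
import struct

# First four bytes of a classic libpcap file -> byte order of its fields.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def audit_capture(data):
    """Return snaplen, link type, packet count and the truncated packets."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic libpcap capture file")
    order = PCAP_MAGICS[data[:4]]
    # Global header after the magic: version, timezone, sigfigs, snaplen, linktype.
    _, _, _, _, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    offset, count, truncated = 24, 0, []
    while offset + 16 <= len(data):
        # Record header: seconds, fraction, bytes saved, bytes on the wire.
        _, _, saved, on_wire = struct.unpack(order + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + saved > len(data):
            raise ValueError("packet %d runs past the end of the file" % (count + 1))
        count += 1
        if saved < on_wire:
            truncated.append((count, saved, on_wire))
        offset += saved
    return {"snaplen": snaplen, "linktype": linktype,
            "packets": count, "truncated": truncated}

def _record(saved, on_wire):
    """Build one constructed packet record with a zero-filled payload."""
    return struct.pack("<IIII", 0, 0, saved, on_wire) + bytes(saved)

# Constructed sample: snaplen 2000, Ethernet (link type 1), three packets,
# the second being a 9014-byte frame of which only 2000 bytes were saved.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 2000, 1)
          + _record(60, 60) + _record(2000, 9014) + _record(1514, 1514))

if __name__ == "__main__":
    report = audit_capture(SAMPLE)
    print("snaplen %(snaplen)d, %(packets)d packets" % report)
    for number, saved, on_wire in report["truncated"]:
        print("packet %d truncated: %d of %d bytes saved" % (number, saved, on_wire))
```

If the report lists truncated packets, repeat the capture with a larger -s value before relying on the payload contents.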

Using Network Monitor with Microsoft® Windows®
- Start Network Monitor.
- Select the interface to listen on and click Start.
- Once the traffic needed has been captured, click Stop.
- Save the resulting file, which can be read by Network Monitor or
Ethereal.
For additional information, visit the technote, How to capture network
traffic with Network Monitor.

Using nettl on HP-UX
The nettl tool controls network tracing and logging.
Scenario:
/usr/sbin/nettl -start
/usr/sbin/nettl -stop
/usr/sbin/nettl -firmlog 0|1|2 -card dev_name ...
/usr/sbin/nettl -log class ... -entity subsystem ...
/usr/sbin/nettl -status [log |trace |all]
/usr/sbin/nettl -traceon kind ... -entity subsystem ...
    [-card dev_name ...] [-file tracename] [-m bytes]
    [-size portsize]
    [-tracemax maxsize] [-n num_files]
/usr/sbin/nettl -traceoff -entity subsystem ...
Notes:
- Ethereal cannot read a nettl binary trace file.
- Ethereal is available for HP-UX and may have a more
intuitive interface than nettl.

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | IBM HTTP Server | Runtime | AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows | 6.1, 6.0, 2.0, 1.3.28 |
Application Servers | WebSphere Application Server | Plug-in | AIX, HP-UX, Linux, Linux pSeries, Linux Red Hat - pSeries, Linux zSeries, Solaris, Windows | 6.1, 6.0, 5.1 |