Trace Packets (2024)


How You Trace Packets

Packet tracing is a valuable tool for troubleshooting network connectivity problems.

NetMaster NM for TCP/IP provides the following packet tracing facilities:

SmartTrace

Is the integrated real-time packet tracing facility for NetMaster NM for TCP/IP. The facility lets you perform the following tasks:

  • Initiate a trace, and view the results in real time.

  • Define trace criteria using a panel interface.

  • Export trace data to libpcap or CTRACE format, enabling you to use the trace data with other packet tracing viewers.

CTRACE

Is a menu-assisted facility for starting and stopping the IBM component trace (SYSTCPDA) to obtain and view IP packet and data traces. Using this facility, you can initiate a trace without having to know the commands that are required to start CTRACE.

Packet tracing has several access points:

  • The Packet Tracing Menu enables you to maintain SmartTrace definitions and records. The menu also provides an option to access CTRACE. You can enter the /SMART shortcut to access the menu.

  • For SmartTrace, the following access points are available:

    • You can initiate a trace by using a line command from the IP Node Monitor, IP Resource Monitor, or a connection list.

    • You can initiate a trace from resource management menus (for example, the Stack Management menu, which you access using the /STACK shortcut).

Packet Data Decoding

Decoding interprets the packet contents according to the specific protocol and application. When a packet is decoded, its data is broken down into individual elements (for example, commands and flags). Whenever possible, the meaning of each element is displayed in readable text. When a packet is not decoded, its data is displayed in hexadecimal dump format with the corresponding EBCDIC and ASCII translations.
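The dump layout described above, reproduced for payload bytes taken from an exported trace. This is an added example, not NetMaster code; it assumes code page 037 (`cp037`) as the EBCDIC translation, which the page does not specify, and the sample payload is constructed.

```python
def printable(data: bytes, codec: str) -> str:
    """Decode with `codec`; anything that is not printable ASCII becomes '.'."""
    text = data.decode(codec, errors="replace")
    return "".join(c if c.isascii() and c.isprintable() else "." for c in text)

def hexdump(data: bytes, width: int = 16) -> list[str]:
    """Return dump lines: offset, hex bytes, ASCII column, EBCDIC column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02X}" for b in chunk).ljust(width * 3 - 1)
        # cp037 is an assumed EBCDIC code page; substitute the one your hosts use.
        lines.append(f"{off:04X}  {hexpart}  |{printable(chunk, 'ascii'):<{width}}|"
                     f"  |{printable(chunk, 'cp037'):<{width}}|")
    return lines

# Constructed sample payload: an ASCII FTP command followed by EBCDIC text.
SAMPLE = b"USER ibmuser\r\n" + "LOGON TSO".encode("cp037")

if __name__ == "__main__":
    print("\n".join(hexdump(SAMPLE)))
```

Reading both columns side by side shows which encoding an undecoded payload uses: the FTP command is legible only in the ASCII column, the logon text only in the EBCDIC column.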

The TCP packets on the ports that are specified in the SMARTTRACE parameter group are decoded. The following protocols are decoded:

  • Distributed Relational Database Architecture (DRDA)

  • FTP

  • HTTP

  • Simple Object Access Protocol (SOAP) (through HTTP ports)

  • Telnet

You can also enter the DECODE command on a Packet List panel to decode TCP packet data for other DRDA, FTP, HTTP, and Telnet ports. Decoding applies to the current session. If you exit and then reenter the panel, enter the command again to perform specific decoding.

Packets that use the following protocols are also decoded by default:

  • Enhanced Interior Gateway Routing Protocol (EIGRP)

  • Generic Routing Encapsulation (GRE)

  • Internet Control Message Protocol (ICMP)

  • Internet Group Management Protocol (IGMP)

  • IPSec

  • Open Shortest Path First Interior Gateway Protocol (OSPFIGP)

  • Transport Layer Security (TLS) and Secure Sockets Layer (SSL) handshake

  • User Datagram Protocol (UDP) (for Enterprise Extender data only)

Packet Trace Example

This example shows the packet trace for a Telnet connection. The following process shows you how to trace the packets:

  1. Enter /CONNT, and specify the criteria for the Telnet connections you want to list.

  2. Enter PT next to a connection.

    A trace starts.

  3. Enter PTV next to the traced connection.

    The trace appears when some packets are collected.

    [Figure: Trace Packets (1)]

    You can press F11 (Right) to display more packet information. As shown in the trace, some packets are decoded.

  4. Enter S next to a packet.

    The details and contents of the packet appear.

    [Figure: Trace Packets (2)]

SmartTrace Definitions

The SmartTrace definitions provide more targeted tracing than is available through the PT command. You can add and activate these definitions from the All Traces panel. You can access the panel from the Packet Tracing Menu or using the /TRALL shortcut.

NetMaster NM for TCP/IP provides a number of definition types that you can use. A definition type provides various criteria that you can specify. For example, a TCP trace provides the following criteria:

  • Stack and interface names, and addresses

  • TCP flags and packet data

  • Criteria that cause the trace to stop and actions to take when the trace stops

Example: Trace Packets in an Intermittent TCP Connection

Resets are occurring in a TCP connection intermittently. You want to find out the packet activity before a reset. You decide to create a SmartTrace definition to capture this activity. You want the trace to stop when a TCP RST packet is received and capture the packets up to that point. The following process shows you how to create the definition:

  1. From the All Traces panel, press F4 (Add) to add a new TCP trace.

  2. Name and provide a short description for the trace, and specify the local and foreign hosts that are having intermittent TCP connections, for example:

    [Figure: Trace Packets (3)]

  3. Press F8 (Forward) twice to display Page 3 of the definition, and specify the RST flag as the criteria for the trace to stop:

    [Figure: Trace Packets (4)]

  4. Press F8 (Forward), and accept the values on Page 4.

    The trace keeps up to 250 packets before a TCP RST packet is received.

    [Figure: Trace Packets (5)]
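The same stop condition can be applied offline to a trace exported in libpcap format: keep a rolling window of 250 packets and stop at the first TCP RST. This is an added example, not NetMaster code; it assumes a classic little- or big-endian libpcap file, IPv4, and link type 1 (Ethernet) or 101 (raw IP), and `sample_pcap` builds constructed test data.

```python
import struct
from collections import deque

KEEP = 250                      # the page's definition keeps up to 250 packets
RST = 0x04                      # TCP RST flag bit
IP_OFFSET = {1: 14, 101: 0}     # assumed link types: Ethernet, raw IP

def read_pcap(blob):
    """Yield (linktype, frame) for each record of a classic libpcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(blob[:4])
    if end is None:
        raise ValueError("not a classic libpcap file")
    linktype = struct.unpack(end + "I", blob[20:24])[0]
    pos = 24
    while pos + 16 <= len(blob):
        incl_len = struct.unpack(end + "I", blob[pos + 8:pos + 12])[0]
        yield linktype, blob[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def tcp_flags(linktype, frame):
    """Return the TCP flags byte of an IPv4/TCP frame, or None if not TCP."""
    off = IP_OFFSET.get(linktype)
    if off is None or len(frame) < off + 20:
        return None
    if linktype == 1 and frame[12:14] != b"\x08\x00":
        return None
    if frame[off] >> 4 != 4 or frame[off + 9] != 6:
        return None
    tcp = off + (frame[off] & 0x0F) * 4
    return frame[tcp + 13] if len(frame) >= tcp + 14 else None

def packets_before_rst(blob, keep=KEEP):
    """Return (frames, found): up to `keep` frames before the first RST, then the RST."""
    ring = deque(maxlen=keep)
    for linktype, frame in read_pcap(blob):
        flags = tcp_flags(linktype, frame)
        if flags is not None and flags & RST:
            return list(ring) + [frame], True
        ring.append(frame)
    return list(ring), False

def sample_pcap(n_before, linktype=101):
    """Constructed data: n_before PSH/ACK packets, one RST, one trailing ACK."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    blob = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for flags in [0x18] * n_before + [RST, 0x10]:
        pkt = ip + struct.pack(">HHIIBBHHH", 23, 40000, 0, 0, 0x50, flags, 1024, 0, 0)
        blob += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return blob
```

`packets_before_rst(open(path, "rb").read())` returns the window for a real export; host filtering, which the SmartTrace definition also applies, is left out here.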

Article information

Author: Fr. Dewey Fisher
