

Using iptrace command in AIX

Creating, formatting, and reading packet traces is sometimes required to resolve problems. However, the most appropriate tool varies, depending on the operating system.
On AIX, the iptrace command is the native way to find out what network traffic flows to and from the system.

You can use any combination of these options, but you do not need to use them all:

-a   Do NOT print out ARP packets.

-s   [source IP] Limit trace to source/client IP address, if known.

-d   [destination IP] Limit trace to destination IP, if known.

-b   Capture bidirectional network traffic (send and receive packets).

-p   [port] Specify the port to be traced.

-i   [interface] Only trace for network traffic on a specific interface.

Examples:

1. Run iptrace on AIX interface en1 to capture port 80 traffic to file trace.out from a single client IP to a server IP:

    # iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out

This trace captures both directions of the port 80 traffic on interface en1 between clientip and serverip and writes it to the raw trace file trace.out.

2. To stop the trace:

    # ps -ef|grep iptrace
    # kill <PID>


3. The ipreport command transforms the raw trace file generated by iptrace into a human-readable report:

    # ipreport trace.out > trace.report

4. To start the iptrace daemon under the System Resource Controller (SRC), enter:

    # startsrc -s iptrace -a "/tmp/nettrace"

To stop the iptrace daemon with SRC, enter the following:

    # stopsrc -s iptrace


5. To record packets coming in and going out to any host on every interface, enter the command in the following format:

    # iptrace /tmp/nettrace

The recorded packets are received on and sent from the local host. All packet flow between the local host and all other hosts on any interface is recorded. The trace information is placed into the /tmp/nettrace file.

6. To record packets received on an interface from a specific remote host, enter the command in the following format:

    # iptrace -i en0 -p telnet -s airmail /tmp/telnet.trace

The packets to be recorded are received on the en0 interface, from remote host airmail, over the telnet port. The trace information is placed into the /tmp/telnet.trace file.

7. To record packets coming in and going out from a specific remote host, enter the command in the following format:

    # iptrace -i en0 -s airmail -b /tmp/telnet.trace

Because of the -b option, packets are recorded in both directions on the en0 interface: those received from remote host airmail and those sent to it. The trace information is placed into the /tmp/telnet.trace file.
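The seven steps above are the whole capture procedure: build the iptrace filter, start the daemon, stop it, and run ipreport. The script below is an added example, not part of the original post, that wires those steps into one bounded capture using only the commands shown on this page (startsrc, stopsrc, ipreport). It adds one thing the page does not have: a time limit, because an iptrace daemon that nobody stops keeps writing until the filesystem is full. The interface name, addresses, port, output path and the IPTRACE_RUN variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a bounded iptrace capture on AIX.
# Assumptions: iptrace, ipreport, startsrc and stopsrc are on PATH as on AIX;
# interface, host, port and file names below are placeholders; IPTRACE_RUN is
# a variable this script introduces so that sourcing it only defines functions.

# Build the iptrace argument list from filter parameters.
# Usage: build_iptrace_args IFACE SRC DST PORT OUTFILE
# An empty SRC, DST or PORT omits the corresponding -s/-d/-p filter, so the
# same function covers the narrow example 1 and the broad example 5 style.
build_iptrace_args() {
    iface=$1; src=$2; dst=$3; port=$4; out=$5
    args="-a -i $iface -b"              # skip ARP, one interface, both directions
    [ -n "$src" ]  && args="$args -s $src"
    [ -n "$dst" ]  && args="$args -d $dst"
    [ -n "$port" ] && args="$args -p $port"
    printf '%s %s\n' "$args" "$out"
}

# Capture for SECS seconds (default 60) under SRC control, then stop the
# daemon and turn the raw file into a report. Returns non-zero if nothing
# was captured, which usually means the filter or interface name is wrong.
run_bounded_trace() {
    iface=$1; src=$2; dst=$3; port=$4; out=$5; secs=${6:-60}
    trace_args=$(build_iptrace_args "$iface" "$src" "$dst" "$port" "$out")
    startsrc -s iptrace -a "$trace_args" || return 1
    sleep "$secs"
    stopsrc -s iptrace                   # always stop: an unstopped iptrace fills the disk
    if [ ! -s "$out" ]; then
        echo "no packets captured in $out; check interface and filter" >&2
        return 1
    fi
    ipreport "$out" > "$out.report"
    echo "report written to $out.report"
}

# Only start a real capture when explicitly asked for, e.g.:
#   IPTRACE_RUN=1 sh bounded_trace.sh
if [ -n "${IPTRACE_RUN:-}" ]; then
    run_bounded_trace en1 10.0.0.5 10.0.0.9 80 /tmp/http.trace 30
fi
```

The filter builder always passes -a and -b, matching example 1 on this page; drop -b from the builder if you only want one direction, as in example 6. Stopping through stopsrc rather than kill means the SRC subsystem state stays consistent with what lssrc reports.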


