If the server and statistics startup times do not match, you must be careful about
interpreting the results. For example, if you reset the statistics in the middle of
some sessions, all active sessions will be registered only at the end of the session,
and you can later see more dropped (ended) sessions than started ones.
11.5.3 TCP/IP protocol troubleshooting
There is no special utility on AIX for analyzing the SMB protocol, but you can use
one of the standard utilities for analyzing TCP/IP.
iptrace utility
iptrace is a utility for recording Internet packets received from configured
interfaces. You can provide a filter to capture only important network data.
You can only trace data between the local host and a remote host (not between two
remote hosts). The iptrace utility runs as a daemon, and you must stop it with
the kill command. The trace data is written to a file, which can then be
processed with the ipreport command. The syntax for the iptrace utility is:
iptrace [ flags ] LogFile
You can use the following flags:
-i interface This defines the specific network interface.
-P protocol This defines the network protocol (number or entry from
-p port This defines the port number (number or entry from
-s host This defines the source host name or host IP address.
-d host This defines the destination host name or host IP address.
-b This changes -s or -d to bidirectional mode.
-a This suppresses ARP packets.
-e This enables promiscuous mode on network adapters that
support this function.
You can see part of the output obtained from capturing the NetBIOS protocol
(only port netbios-ssn) with ipreport:
Chapter 11. Fast Connect for AIX troubleshooting
The tcpdump command prints out the headers of packets on a network
interface. You can define expressions to select packets that you want to see.
The basic syntax of the tcpdump command is:
tcpdump { flags } expression
Important flags are:
-c count This exits after receiving count packets.
-f This prints the foreign Internet address numerically, not
-i interface This defines an interface to which to listen. If not defined,
tcpdump will select one available interface.
$ iptrace -a -p netbios-ssn -s lv3030b -b trace.out
$ kill $(ps -fe | grep iptrace | grep -v grep | cut -c9-16)
$ ipreport trace.out
====( 220 bytes received on interface tr0 )==== 01:42:12.313466462
802.5 packet
802.5 MAC header:
access control field = 10, frame control field = 40
[ src = 00:06:29:b7:24:0c, dst = 00:04:ac:62:c9:80]
802.2 LLC header:
dsap aa, ssap aa, ctrl 3, proto 0:0:0, type 800 (IP)
IP header breakdown:
< SRC = > (lv3030c.itsc.austin.ibm.com)
< DST = > (ausres10.austin.ibm.com)
ip_v=4, ip_hl=20, ip_tos=0, ip_len=198, ip_id=51908, ip_off=0DF
ip_ttl=22, ip_sum=3265, ip_p = 6 (TCP)
TCP header breakdown:
<source port=1932, destination port=139(netbios-ssn) >
th_seq=216bef8, th_ack=3a349002
th_off=5, flags<PUSH | ACK>
th_win=5836, th_sum=d8ea, th_urp=0
00000000 0000009a ff534d42 72000000 00000000 |.....SMBr.......|
00000010 00000000 00000000 00000000 0000c11d |................|
00000020 00000132 00770002 5043204e 4554574f |...2.w..PC NETWO|
00000030 524b2050 524f4752 414d2031 2e300002 |RK PROGRAM 1.0..|
00000040 4d494352 4f534f46 54204e45 54574f52 |MICROSOFT NETWOR|
00000050 4b532033 2e300002 444f5320 4c4d312e |KS 3.0..DOS LM1.|
00000060 32583030 32000244 4f53204c 414e4d41 |2X002..DOS LANMA|
00000070 4e322e31 00025769 6e646f77 7320666f |N2.1..Windows fo|
00000080 7220576f 726b6772 6f757073 20332e31 |r Workgroups 3.1|
00000090 6100024e 54204c4d 20302e31 3200 |a..NT LM 0.12. |
====( 141 bytes transmitted on interface tr0 )==== 01:42:12.318337099
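The received packet in the ipreport output above is an SMB Negotiate Protocol request. The following added example (not part of the original text) rebuilds the TCP payload from the hex dump and lists the dialects the client offers, which is useful when checking which legacy dialects are still in use on a network. The function names are hypothetical; the layout assumed is the standard 4-byte NetBIOS session header followed by the 32-byte SMB header.

```python
import struct

# Hex-dump lines copied from the first received packet in the ipreport output above.
IPREPORT_DUMP = """\
00000000 0000009a ff534d42 72000000 00000000 |.....SMBr.......|
00000010 00000000 00000000 00000000 0000c11d |................|
00000020 00000132 00770002 5043204e 4554574f |...2.w..PC NETWO|
00000030 524b2050 524f4752 414d2031 2e300002 |RK PROGRAM 1.0..|
00000040 4d494352 4f534f46 54204e45 54574f52 |MICROSOFT NETWOR|
00000050 4b532033 2e300002 444f5320 4c4d312e |KS 3.0..DOS LM1.|
00000060 32583030 32000244 4f53204c 414e4d41 |2X002..DOS LANMA|
00000070 4e322e31 00025769 6e646f77 7320666f |N2.1..Windows fo|
00000080 7220576f 726b6772 6f757073 20332e31 |r Workgroups 3.1|
00000090 6100024e 54204c4d 20302e31 3200 |a..NT LM 0.12. |
"""

def dump_to_bytes(dump):
    """Rebuild the TCP payload from ipreport hex-dump lines."""
    payload = bytearray()
    for line in dump.splitlines():
        fields = line.split("|", 1)[0].split()   # hex columns only, no ASCII column
        if len(fields) > 1:
            payload += bytes.fromhex("".join(fields[1:]))  # drop the offset column
    return bytes(payload)

def negotiate_dialects(payload):
    """Return the dialect strings offered in an SMB Negotiate Protocol request."""
    nb_len = int.from_bytes(payload[1:4], "big") & 0x1FFFF  # 17-bit NetBIOS length
    smb = payload[4:4 + nb_len]
    if payload[:1] != b"\x00" or nb_len < 35 or len(smb) != nb_len:
        raise ValueError("not a complete NetBIOS session message")
    # 0xFF 'SMB' magic, command 0x72, reply flag clear, WordCount 0 for a request
    if smb[:4] != b"\xffSMB" or smb[4] != 0x72 or smb[9] & 0x80 or smb[32] != 0:
        raise ValueError("not an SMB Negotiate Protocol request")
    (byte_count,) = struct.unpack_from("<H", smb, 33)
    data = smb[35:35 + byte_count]
    if len(data) != byte_count or not data.endswith(b"\x00"):
        raise ValueError("truncated or unterminated dialect list")
    dialects = []
    for entry in data[:-1].split(b"\x00"):
        if entry[:1] != b"\x02":                 # each dialect has buffer format 0x02
            raise ValueError("unexpected buffer format in dialect list")
        dialects.append(entry[1:].decode("ascii"))
    return dialects

if __name__ == "__main__":
    for name in negotiate_dialects(dump_to_bytes(IPREPORT_DUMP)):
        print(name)
```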

