Commands Reference, Volume 3
iptrace Daemon
Purpose
Provides interface-level packet tracing for Internet
protocols.
Syntax
/usr/sbin/iptrace [ -a ] [ -b ][ -e ] [ -u ] [ -PProtocol_list ] [ -iInterface ] [ -pPort_list ] [ -sHost [ -b ] ] [ -dHost ] [ -L Log_size ] LogFile
Description
The /usr/sbin/iptrace daemon records Internet packets
received from configured interfaces. Command flags provide a filter so that
the daemon traces only packets meeting specific criteria. Packets are traced
only between the local host on which the iptrace daemon
is invoked and the remote host.
If the iptrace process was started from a command
line without the System Resource Controller (SRC), it must be stopped with
the kill -15 command. The kernel extension loaded by
the iptrace daemon remains active in memory if iptrace is stopped any other way.
The LogFile parameter specifies the name of a file
to which the results of the iptrace command are sent.
To format this file, run the ipreport command. The ipreport command may display the message TRACING DROPPED
xxxx PACKETS. This count of dropped packets indicates only the number
of packets that the iptrace command was unable to grab
because of a large packet, the size of which exceeded the socket-receive buffer
size. This message does NOT mean that the packets are being dropped by the
system.
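The dropped-packet message described above can be checked for mechanically before a trace is relied on as a complete record. The following is an added example, not part of the AIX documentation; it assumes xxxx is a decimal count, and the function names, the sample lines and the /tmp/nettrace.txt path are hypothetical.

```shell
#!/bin/sh
# Added example: total the "TRACING DROPPED xxxx PACKETS" counts in a text
# report produced by ipreport. The count covers only packets iptrace could
# not grab (larger than the socket-receive buffer), not system-level drops.

# Read a report on stdin and print the sum of all dropped-packet counts.
# Assumption: xxxx is a decimal number; the message may sit anywhere on a line.
dropped_packets() {
    awk '
        {
            line = $0
            # The message can occur more than once; add up every occurrence.
            while (match(line, /TRACING DROPPED [0-9]+ PACKETS/)) {
                msg = substr(line, RSTART, RLENGTH)
                split(msg, f, " ")
                total += f[3]
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { print total + 0 }
    '
}

# Succeed only when the report on stdin shows no packets missed by iptrace.
trace_is_complete() {
    [ "$(dropped_packets)" -eq 0 ]
}

# Constructed sample input: only the TRACING DROPPED wording comes from the
# page; the other lines are placeholders, not real ipreport output.
sample_report() {
    cat <<'EOF'
(constructed placeholder for packet 1)
TRACING DROPPED 12 PACKETS
(constructed placeholder for packet 2)
TRACING DROPPED 3 PACKETS
EOF
}

# Use on a report saved with: ipreport /tmp/nettrace > /tmp/nettrace.txt
# (the .txt file name is hypothetical).
if [ -r /tmp/nettrace.txt ]; then
    echo "packets iptrace could not capture: $(dropped_packets < /tmp/nettrace.txt)"
fi
```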
Note
The file specified by the LogFile parameter should not reside on an NFS-mounted file system. Specifying
an output file on an NFS-mounted file system can cause the iptrace daemon to hang. You may be unable to kill the iptrace daemon if it hangs, requiring that you restart the system.
Flags
-a
Suppresses ARP packets.
-b
Changes the -d or -s flags to bidirectional mode.
-d Host
Records packets headed for the destination host specified by the Host variable. The Host variable can be a host name or an Internet address in dotted-decimal format. If used with the -b flag, the -d flag records packets both going to and coming from the host specified by the Host variable.
-e
Enables promiscuous mode on network adapters that support this function.
-i Interface
Records packets received on the interface specified by the Interface variable.
-L Log_size
Causes iptrace to log data in such a way that the LogFile is copied to LogFile.old at the start and also every time it becomes approximately Log_size bytes long.
-P Protocol_list
Records packets that use the protocol specified by the Protocol_list variable, which is a comma-separated list of protocols. Each protocol can be a decimal number or a name from the /etc/protocols file.
-p Port_list
Records packets that use the port number specified by the Port_list variable, which is a comma-separated list of ports. Each port can be a decimal number or a name from the /etc/services file.
-s Host
Records packets coming from the source host specified by the Host variable. The Host variable can be a host name or an Internet address in dotted-decimal format. If used with the -b flag, the -s flag records packets both going to and coming from the host specified by the Host variable.
-u
Unloads the kernel extension that was loaded by the iptrace daemon at startup.
Examples
- To start the iptrace daemon with the System Resource Controller (SRC),
enter:
startsrc -s iptrace -a "/tmp/nettrace"
To stop the iptrace
daemon with SRC enter the following:
stopsrc -s iptrace
- To record packets coming in and going out to any host on every interface,
enter the command in the following format:
iptrace /tmp/nettrace
The recorded packets are received on and sent from the local host. All packet
flow between the local host and all other hosts on any interface is recorded.
The trace information is placed into the /tmp/nettrace file.
- To record packets received on an interface from a specific remote host,
enter the command in the following format:
iptrace -i en0 -p telnet -s airmail /tmp/telnet.trace
The packets to be recorded are received on the en0 interface, from remote host airmail, over
the telnet port. The trace information is placed
into the /tmp/telnet.trace file.
- To record packets coming in and going out from a specific remote host,
enter the command in the following format:
iptrace -i en0 -s airmail -b /tmp/telnet.trace
The packets to be recorded are received on the en0 interface, from remote host airmail. The
trace information is placed into the /tmp/telnet.trace file.
Related Information
The ipreport command,
the tcpdump command.
The /etc/protocols file format, /etc/services file format.