Skip to content

iptrace as a service

There are many tools for observing the activity, both normal and pathological,on the network. Some run under AIX, others run on dedicated hardware.
One tool that can be used to obtain a detailed, packet-by-packet description of the LAN activity generated by a workload is the combination of the iptrace daemon and the ipreport command. The iptrace daemon can only be started by root. By default, iptrace traces all packets.

An option (-a) allows exclusion of address resolution protocol (ARP) packets. Other options can narrow the scope of tracing to a particular source host (-s), destination host (-d), or protocol (-p). For more information, see AIX Commands Reference.

Because iptrace can consume significant amounts of processor time, you should be as specific as possible in describing the packets you want traced. Since iptrace is a daemon, it should be started with a startsrc command rather that directly from the command line. This makes it easier to control and shut down cleanly. A typical invocation would be:

 # startsrc -s iptrace -a "-a -i en0 /user/iptrace/log1" 

For more information on all the available options, read the iptrace manual page in the AIX documentation. This command starts the iptrace daemon with directions to trace all activity on the interface, en0, and place the trace data in /user/iptrace/log1.

To stop the daemon, use:

 # stopsrc -s iptrace 

If you hadn’t started it with startsrc, you would have to find its process ID with ps and kill it.

The ipreport command is a formatter for the log file. Its output is written to stdout. Options allow recognition and formatting of RPC packets (-r), identifying each packet with a number (-n), and prefixing each line with a 3-character string that identifies the protocol (-s). A typical ipreport command to format the log1 file just created (which is owned by root) would be:

 # ipreport -rns log1 > log1_formatted

This would result in a sequence of packet reports similar to the following example. The fields of most interest are: the source (SRC) and destination (DST) host address, both in dotted decimal and in ASCII; the IP packet length (ip_len); and the indication of the higher-level protocol in use (ip_p).

the ‘stuff” above is a quote from an old Bull (France) AIX manual.

To see how to start iptrace as a process follow to this post “iptrace on AIX host

Posted in Real life AIX.

Tagged with , , , .

changing the value of GID – its consequences

Often during migration from a local to a global authentication mechanism system administrator discovers that the same user group has a different numerical GID on one or more hosts. To change it system administrator either edits the file /etc/group or he/she could executes the command called chgroup.
The results of this action are quickly apparent as immediately after such change every file object which belongs to the group will show instead of the group name its previous GID value.

Now, system administrator has to comb through the file systems looking for each file/directory showing the old GID and replace it with group name.

Another AIX administrator, before the change of the group GID may collect the /path/file_name of every file owned by the group in a text file (find / -group Group_Name -ls >> FileList.txt) and use its contents after the GID change as follows:

for myFile in `cat FileList.txt | awk '{print $11}'`
        chgrp GROUP_NAME $myFile

One may quickly find out that if there is a substantial amount of files to process and the length of the command arguments list (ncargs) is not adequate the AIX shell fill refuse to execute these directives responding with the messages of “Not enough memory to execute“.

Before you start looking into one of my earlier posts suggesting how to deal with such outcome, you could try to replace the for loop with its while equivalent.

cat FileList.txt | while read line
        myFile=`echo $line | awk '{print $11}'`
        chgrp GROUP_NAME $myFile

You might be surprised but this time it may work like a charm.

Before we call it a day, we have to remember that any user defined in /etc/passwd whose primary group GID was modified still shows the “old” GID! So any users whose primary group was the one you modified will not be allowed to login!
We could use vi to open the /etc/passwd file and execute (for example) %s/333/335/g. If we did just that, what would happened to the group with GID od 2333 that is also present in this file? Its GID equals now 2335 which is not what it should be, right? So the “proper” way to change GUID is to execute %s/:333:/:335:/g instead.
Finally, I was really surprised when I noticed that GID change “sometimes” remove the (primary group) from among the user attributes. If you do the lsuser -R files .... you may not find pgrp= in the output. Fortunately, the chuser -R files pgrp=......... resolves this one and everything is back to normal.

Posted in Real life AIX.

Tagged with , , .

login with no password LINUX style

Back in the September of the previous year, I put out a post with the procedure outlining the process of setting a password-less logins to other AIX hosts. This very procedure can also be applied to whatever OS it is as long as it supports ssh/ssl.

Today, I had to harvest CPU/RAM information from a large number of LINUX machines and I decided to use the same procedure – I will set one LINUX host so from it I will be able log-in with no password or execute a command also without being asked to authenticate. As I was happily getting started with my tasks, Mike the Red Fedora wearer (really he comes to the office wearing a red fedora) Swierczynski (“ski” for short) entered my cube and after a glance at my screen asked me if I am aware that LINUX has a better tool for the task at hand. What is it Mike?

“LINUX has a command called ssh-copy-id that works for LINIX to LINUX to AIX to SOLARIS, and which will/can set the whole environment so even if a target hosts does not have the .ssh setup in the user’s home directory this command will make sure this entities will be created and populated so the user will not be asked to authenticated at login or at the instant of a command executed remotely on his behalf and carried by SSH.”

In my case, to enable a passwordless root login from hostA to hostB, I executed the following command

# ssh-copy-id -i ~root/.ssh/ rootB@host_name

Actually this command became a body of a for loop which was fed with host names from a file (some twenty or more) called hostsList.

hostA#  for host in `cat hostsList`; do ssh-copy-id -i .ssh/ root@$host; done

I almost forgot, Mike also showed me the dmidcode which spits out page after page of info which usefulness I have yet to learn.

By the way, the file was created with the same command as in September:

# ssh-keygen -t rsa

a good day everybody

Posted in Linux, LINUX, Real life AIX.

terminating session from HMC command line

Today is the day, I decided to learn how to force to close a terminal session from HMC command line instead of going to HMC GUI to do that. I admit, it took me a while to reach this point, which as you must admit is a proof of how patient man MarkD:-) is ….. Well, on the other side, there could be at least one more meaning and explanation of this story, which I am not going to investigate at all.

So, here you are – you executed vtmenu, selected the right managed system followed with the appropriate partition number/name you want to log in, and instead of seeing the world famous AIX login prompt your HMC presents you the following:

 A terminal session is already open for this partition.
 Only one open session is allowed for a partition.
 Exiting....  Received end of file, Exiting.

You can free the offending terminal session executing the command rmvterm which must be provided with the managed system name and either the right partition name or its IDentification number.

hscroot@aixhmci14:~> vtmenu
 Retrieving name of managed system(s) . . .
  Managed Systems:
   2) EpicProd-9119-FHA-SN049F777

 Enter Number of Managed System.   (q to quit): 2

Now, we will see all partitions of the selected managed system.

  Partitions On Managed System:  EpicProd-9119-FHA-SN049F777
  OS/400 Partitions not listed
   1)    CLAORRPU001                          Running
   2)    EPCDBRPU011                          Running
   3)    EPCMDRDU011                          Running
   4)    EPCRVIOS1                            Running
   5)    EPCRVIOS2                            Running
   6)    EPCSHRPU011                          Running
   7)    EPCSHRPU022                          Running

To “free” the terminal session associated with lpar (partition) known as CLAORRPU001 we could do either one:

rmvterm -m EpicProd-9119-FHA-SN049777 -p CLAORRPU001


rmvterm -m EpicProd-9119-FHA-SN049777 --id 1

With the “other” terminal session terminated, there is nothing stopping you from opening a session for yourself.

Posted in Real life AIX.

Tagged with .

LINUX on WMware – network configuration

This post shows how to configure a LINUX host built from a VMware template. In this case the WWPN aka the MAC address is duplicated on each and every guest built from the template ….. This should not be allowed as it is against the whole idea of uniqueness of network adapters within the TCP/IP world.

One of the side effects of this “issue” is the presence of eth1 interface instead of eth0 in the guest inventory. What needs to be done is described next.

After the guest is powered you need to make a note of what WMware “thinks” is the MAC address of your guest. Highlight you guest, select the Summary tab, next in the Commands pane select the option labeled Edit Settings and finally select the Network Adapter and on the right side the screen in front of your eyes there is the Mac Address entry containing the value WMware manager assigned to the guest. Copy/Paste it, memorize it, write it down on a paper. Open a console session and log-in to the guest.

Remove the following file /etc/udev/rules.d/70-persistent-net.rules

Make sure that in the /etc/sysconfig/network-scripts directory exists only one ifcfg-* file and that this file is called ifcfg-eth0. Now, edit this file by replacing the value to the right of HWADDR= with the MAC address you obtained a two or three sentences above. Is the guest ip address, netmask, gateway and so forth are correct? If the answer is YES, restart the network service – either reboot or execute the service network restart

This should be it.

Shop Amazon – Valentine’s Day Event

Posted in Linux, LINUX.

Tagged with , , .

comparing hosts performance

It is possible that in the past, this used to be a pure magic. Today, everybody can do it. What am I talking about? Contrary to the heading above this text, I am not talking about the citrus fruits but about comparing machines using their rPerf ratings (which are based on their processor architecture).

“The question: we have a guest in one of our p6 595’s and in another in one of our p770. How do they compare?”

To answer this question, we have to find the CPU frequency of both machines. How? The command prtconf is one of the possibilities. Next, we have to establish how many processors each of these two partitions have. Finally, we need to know the total number of active processors in machine one and machine two which when combined with their frequency allows us to extract/interpolate the appropriate rPerf (unit of AIX performance) value. This information can be obtain from two IBM documents which you can view/download following this link:

Here is the short extract showing for a given processor frequency pairs representing rPerf value associated with the number of processors (shown in parenthesis).

p595 and p770 rPerf details

For example, a p595 with 16@5GHz CPUs is assigned a rPerf number equal to 164.67.

Our entire p7 has 32@4.2GHz CPUs, its rPerf value is calculated as follows:


Its partition that we want to compare against a partition in p595 has 4 CPUs; its rPerf value equals:


The p595 with its 40@5GHz CPUs has rPerfs value of 368.82. Its partition with 10 CPUs has:



Assuming that my calculations are OK it looks that the old iron still has some muscle.:-)

A few days later:

If you are not mathematically incliened, follow this link to a script that does all these calculations for you. Download it and execute it on the appropriate machine – thanks Ku!

Posted in Real life AIX.

Tagged with , , , .

to the users of this blog

Unfortunately, there are some whose intentions are not noble and as the result I need to tighten security of this site.
Today, I had to delete all “wp-users” (subscribers) of this blog.

Posted in Real life AIX.

aix host memory and its usage

Today, Annwoy came to my cube with this little treasure – for you if you wonder how is your host memory used; if someone asks for what amount of the computational or non-computational memory is there? ……

#memory calculator

um=`svmon -G | head -2|tail -1| awk {'print $3'}`
um=`expr $um / 256`
cm=`svmon -G | head -2|tail -1| awk {'print $6'}`
cm=`expr $cm / 256`
ncm=`expr $um - $cm`
tm=`lsattr -El sys0 -a realmem | awk {'print $2'}`
tm=`expr $tm / 1000`
fm=`expr $tm - $um`
echo "\n\n-----------------------";
echo "System : (`hostname`)";
echo "-----------------------\n\n";

echo "\n----------------------";
echo "Memory Information\n\n";
echo "total memory = $tm MB"
echo "free memory = $fm MB"
echo "used memory = $um MB"
echo "computational memory = $cm MB"
echo "non computational memory = $ncm MB"
echo "\n\n-----------------------\n";

This is a sample output:

System : (
Memory Information

total memory = 67108 MB
free memory = 1622 MB
used memory = 65486 MB
computational memory = 17264 MB
non computational memory = 48222 MB

As I found out from Ramon, what takes a few lines of code can be accomplished with one command too – there is always more then one way to skin the AIX feline. 🙂

>svmon -G -O unit=MB
Unit: MB
      size   inuse     free     pin     virtual  available   mmode
memory  57344.00  56289.60 1054.40  9235.80  22733.89 32762.27 Ded
pg space    4096.00        68.3

               work        pers        clnt       other
pin         7560.64           0        11.0     1664.19
in use     22733.89           0    33555.71

Posted in Real life AIX.

Tagged with , , .

Disk I/O tuning advice for AIX 6.1

Another nice document from Dan Braden  AIX 6.1 Disk I/O tuning presentation

Posted in Real life AIX.

Tagged with , , .

How to make RedHat files immutable?

Today, I found that LINUX file/directory object may be immutable! LINUX like any self respecting UNIX has the chmod, chown commands but in addition it has the chattr, which can make a file immutable (+i) to any change. It can “permanently” fix file/directory access time so it stays the same regardless of how many times the file is accessed +A. I really like the last one! If the s attribute is set on a file its blocks will be written with zeros on deletion making its data recovery impossible – security minded among us make a note!

[root@wmdql1 ~]# touch removeme
[root@wmdql1 ~]# ls -l removeme
-rw-r--r-- 1 root root 0 Jan 15 12:40 removeme

[root@wmdql1 ~]# lsattr removeme
-------------e- removeme

[root@wmdql1 ~]# chattr +i /root/removeme
[root@wmdql1 ~]# lsattr removeme
----i--------e- removeme

[root@wmdql1 ~]# chattr +A /root/removeme
[root@wmdql1 ~]# lsattr removeme
----i--A-----e- removeme

[root@wmdql1 ~]# chattr +s /root/removeme
[root@wmdql1 ~]# lsattr removeme
s---i--A-----e- removeme

[root@wmdql1 ~]# chattr -s /root/removeme
[root@wmdql1 ~]# lsattr removeme
----i--A-----e- removeme

[root@wmdql1 ~]# chattr -A /root/removeme
[root@wmdql1 ~]# lsattr removeme
----i--------e- removeme

[root@wmdql1 ~]# chattr -i /root/removeme
[root@wmdql1 ~]# lsattr removeme
-------------e- removeme

[root@wmdql1 ~]# ls -l removeme
-rw-r--r-- 1 root root 0 Jan 15 12:40 removeme
[root@wmdql1 ~]#

If you keep editing a file and your “staff” keeps on disappearing ….. remember this post and execute the lsattr command against your file. Who knows, maybe the file has been set to be “immutable” to changes which is the reason behind this post! 🙂

Posted in Linux, LINUX, Real life AIX.

Tagged with , , , , .

Copyright © 2016 - 2017 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.