There are many tools for observing the activity, both normal and pathological, on the network. Some run under AIX, others run on dedicated hardware.
One tool that can be used to obtain a detailed, packet-by-packet description of the LAN activity generated by a workload is the combination of the iptrace daemon and the ipreport command. The iptrace daemon can only be started by root. By default, iptrace traces all packets. An option (-a) allows exclusion of address resolution protocol (ARP) packets. Other options can narrow the scope of tracing to a particular source host (-s), destination host (-d), or protocol (-p). For more information, see AIX Commands Reference.
Because iptrace can consume significant amounts of processor time, you should be as specific as possible in describing the packets you want traced. Since iptrace is a daemon, it should be started with a startsrc command rather than directly from the command line. This makes it easier to control and shut down cleanly. A typical invocation would be:
# startsrc -s iptrace -a "-a -i en0 /user/iptrace/log1"
For more information on all the available options, read the iptrace manual page in the AIX documentation. This command starts the iptrace daemon with directions to trace all activity on the interface, en0, and place the trace data in
To stop the daemon, use:
# stopsrc -s iptrace
If you hadn’t started it with startsrc, you would have to find its process ID with
The ipreport command is a formatter for the log file. Its output is written to stdout. Options allow recognition and formatting of RPC packets (-r), identifying each packet with a number (-n), and prefixing each line with a 3-character string that identifies the protocol (-s). A typical ipreport command to format the log1 file just created (which is owned by root) would be:
# ipreport -rns log1 > log1_formatted
This would result in a sequence of packet reports similar to the following example. The fields of most interest are: the source (SRC) and destination (DST) host address, both in dotted decimal and in ASCII; the IP packet length (ip_len); and the indication of the higher-level protocol in use (
The “stuff” above is a quote from an old Bull (France) AIX manual.
To see how to start iptrace as a process, follow this post: “iptrace on AIX host”.
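An added example, not part of the quoted manual or the original post: a shell/awk filter that totals packets and IP bytes per source, destination and protocol from a file formatted with ipreport -rns, using the SRC, DST and ip_len fields named above. The line layout it matches and the sample packets are assumptions constructed for illustration; check them against your own log1_formatted.

```shell
#!/bin/sh
# Added example: per-flow packet and byte totals from "ipreport -rns" output.
# Assumed layout of the IP header lines (verify against your own report):
#   IP:  < SRC = a.b.c.d >  (name)      IP:  ip_v=4, ..., ip_len=N, ...
#   IP:  < DST = a.b.c.d >  (name)      IP:  ip_ttl=..., ip_p = N (PROTO)
summarize_flows() {
    awk '
    function ipaddr(line) {            # first dotted-decimal address on the line
        if (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/))
            return substr(line, RSTART, RLENGTH)
        return "?"
    }
    BEGIN { src = dst = "?" }
    /^IP:.*< *SRC *=/ { src = ipaddr($0); next }
    /^IP:.*< *DST *=/ { dst = ipaddr($0); next }
    /^IP:.*ip_len=[0-9]+/ {
        match($0, /ip_len=[0-9]+/)
        len = substr($0, RSTART + 7, RLENGTH - 7) + 0
    }
    /^IP:.*ip_p *=/ {                  # last IP header line: close the packet
        proto = "?"
        if (match($0, /\([^)]*\)/))
            proto = substr($0, RSTART + 1, RLENGTH - 2)
        key = src " " dst " " proto
        pkts[key]++; bytes[key] += len
        src = dst = "?"; len = 0
    }
    END { for (k in pkts) printf "%s %d %d\n", k, pkts[k], bytes[k] }
    ' | sort -k5,5nr -k1,1             # columns: src dst proto packets bytes
}

# Constructed sample report, not captured traffic.
sample_report() {
    cat <<'EOF'
Packet Number 1
IP:  < SRC =    192.1.6.1 >  (host1)
IP:  < DST =    192.1.6.2 >  (host2)
IP:  ip_v=4, ip_hl=20, ip_tos=0, ip_len=84, ip_id=1789, ip_off=0
IP:  ip_ttl=255, ip_sum=28a6, ip_p = 1 (ICMP)
Packet Number 2
IP:  < SRC =    192.1.6.1 >  (host1)
IP:  < DST =    192.1.6.2 >  (host2)
IP:  ip_v=4, ip_hl=20, ip_tos=0, ip_len=84, ip_id=1790, ip_off=0
IP:  ip_ttl=255, ip_sum=28a5, ip_p = 1 (ICMP)
Packet Number 3
IP:  < SRC =    192.1.6.2 >  (host2)
IP:  < DST =    192.1.6.1 >  (host1)
IP:  ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=411, ip_off=0
IP:  ip_ttl=60, ip_sum=91c2, ip_p = 6 (TCP)
TCP:  <source port=23(telnet), destination port=1031 >
EOF
}
# With a file argument, summarize that report; otherwise run on the sample.
if [ -n "${1:-}" ]; then summarize_flows < "$1"; else sample_report | summarize_flows; fi
```

An unexpected source, destination or protocol at the top of this list is a cue to rerun iptrace with -s, -d or -p set to that value, which also keeps the trace narrow as the manual recommends.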