
View a Trace

You can view a packet trace from the following locations:

The trace provides information about the flow of packets and helps you diagnose network problems.

Note: The data displayed depends on your security access. For more information, see your Security Administrator.

The following examples show how traces can help you identify conditions that can contribute to poor response time.

Example: Packet Fragmentation

If a packet is too large and becomes fragmented, it needs to be reassembled at the destination. The process of fragmentation and reassembly can contribute to poor response time.

If a packet has been fragmented, it is indicated under the Summary Information column on the Packet List panel.

PROD---------------------- SmartTrace : Packet List ---------------------------
Command ===>                                                   Scroll ===> CSR
                                                              S/V=View P=Print
Definition UDP2       Stack .... TCPIP11       Total Traced 32
Local Port 8011       Protocol UDP

     Local Host     Dir  Foreign Host   Port   +Time   Bytes  Summary Infor
0008 192.168.65.11  ->   192.168.65.31  32317  <0.001  1492   (Frag)
0009 192.168.65.11  <-   192.168.65.31  32317   4.005  1492   (Frag)
0010 192.168.65.11  ->   192.168.65.31  32317  <0.001  1492   (Frag)

Example: Retransmissions

When packets are lost, the lost segment or segments are retransmitted. Retransmissions can contribute to poor response time.

One way that TCP detects packet loss relies on the fact that when an out-of-order segment is received, the receiver generates a duplicate acknowledgement for the highest in-order data byte received. A single duplicate acknowledgement is not a reliable indicator of packet loss because the packets may have been delivered, but not in the original order. TCP distinguishes between these cases by using three duplicate acknowledgements as an indicator of packet loss. When the sending TCP receives the third duplicate acknowledgement, it retransmits the segment referenced by the duplicate ACK number. This is referred to as fast retransmission.

In the following example, the segment with relative sequence number (RelSeq) 1419406 was lost. Packet numbers 1522 through 1524 are duplicate acknowledgements of all data up to the segment with relative sequence number 1419406. Packet number 1524, being the third duplicate acknowledgement, triggers fast retransmission, and packet number 1525 is the retransmission of the segment.

PROD---------------------- SmartTrace : Packet List ---------------------------
Command ===>                                                   Scroll ===> CSR
                                                              S/V=View P=Print
Definition FTP        Stack .... TCPIP11       Total Traced 1697
Local Host 192.168.65.11 <--> Foreign Host 192.168.135.39
Local Port 20         Foreign Port 4177        Protocol TCP

     Dir  +Time   Bytes  Summary Information
1520 ->   <0.001  1492   Ack Psh Win=32768 RelSeq=1482061 RelAck=1 TimeStamp
1521 <-    0.043    52   Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1522 <-    0.007    52   Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1523 <-    0.007    52   Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1524 <-    0.008    52   Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1525 ->   <0.001  1492   Ack Psh Win=32768 RelSeq=1419406 RelAck=1 TimeStamp
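The three-duplicate-acknowledgement rule described above can be checked mechanically against a printed Packet List. The following Python is an added example, not part of the product or its documentation; the line layout it parses is taken from the panel above, and the 52-byte size of a data-less acknowledgement (`ack_size`) is an assumption read from that panel.

```python
import re

# Constructed sample: packet lines copied from the Packet List panel above.
PANEL = """\
1520 -> <0.001 1492 Ack Psh Win=32768 RelSeq=1482061 RelAck=1 TimeStamp
1521 <- 0.043 52 Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1522 <- 0.007 52 Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1523 <- 0.007 52 Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1524 <- 0.008 52 Ack Win=64095 RelSeq=1 RelAck=1419406 TimeStamp
1525 -> <0.001 1492 Ack Psh Win=32768 RelSeq=1419406 RelAck=1 TimeStamp
"""

# number, direction, +Time (ignored), Bytes, Summary Information
LINE = re.compile(r"^(\d+)\s+(->|<-)\s+<?[\d.]+\s+(\d+)\s+(.*)$")

def parse(panel):
    """Yield one dict per packet line; headers and blank lines are skipped."""
    for raw in panel.splitlines():
        m = LINE.match(raw.strip())
        if m:
            num, direction, size, summary = m.groups()
            kv = {k: int(v) for k, v in re.findall(r"(\w+)=(\d+)", summary)}
            yield {"num": int(num), "dir": direction, "bytes": int(size), **kv}

def fast_retransmits(panel, threshold=3, ack_size=52):
    """Return (trigger_packet, retransmitted_packet, rel_seq) tuples.

    ack_size is an assumption: the size of an acknowledgement that carries
    no data in this trace (52 bytes in the panel above).
    """
    last, dups, pending, found = {}, {}, {}, []
    for p in parse(panel):
        d = p["dir"]
        peer = "<-" if d == "->" else "->"
        # The retransmission carries the sequence number that the peer
        # kept acknowledging in its duplicate ACKs.
        if peer in pending and p.get("RelSeq") == pending[peer][1]:
            found.append((pending.pop(peer)[0], p["num"], p["RelSeq"]))
        key = (p.get("RelSeq"), p.get("RelAck"), p.get("Win"))
        # Duplicate ACK: no data, same sequence, ACK number and window
        # as the previous packet sent in the same direction.
        is_dup = p["bytes"] <= ack_size and last.get(d) == key
        dups[d] = dups.get(d, 0) + 1 if is_dup else 0
        last[d] = key
        if dups[d] == threshold:
            pending[d] = (p["num"], p["RelAck"])
    return found
```

Run on the sample, `fast_retransmits(PANEL)` reports packet 1524 as the trigger and packet 1525 as the retransmission of RelSeq 1419406. A trace with only two duplicates, as produced by simple reordering, yields no result.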

Example: Window Size to Receive Data

Each end of a TCP connection advertises a window size that specifies the size of the buffer that is available to receive data. The size changes as data is moved into or out of the buffer. If the receiver advertises a window size of 0 (a closed window), it stops the data transfer. Closed windows can contribute to poor response time.

When a window is closed, a subsequent TCP segment must be sent to open the window by advertising a nonzero window size.

In the following example, the local end of the connection advertises a window size of 4096 in packet number 0309. After receiving three data packets (0312 through 0314) with a total of 4096 data bytes (excluding the headers), it closes the window with packet number 0315. After a short delay, the local application apparently received 2048 bytes of data, freeing up some local buffer space. The window is reopened with packet number 0317 that advertises a window size of 2048.

PROD---------------------- SmartTrace : Packet List ---------------------------
Command ===>                                                   Scroll ===> CSR
                                                              S/V=View P=Print
Definition TCP1       Stack .... TCPIP11       Total Traced 334
Local Host 192.168.65.11   Local Port 8011     Protocol TCP

     Dir  Foreign Host   Port  +Time   Bytes  Summary Information
0309 ->   192.168.65.31  3375  <0.001    52   Ack Psh Win=4096 Seq=25131163
0310 <-   192.168.65.31  3375   0.001    52   Ack Psh Win=6144 Seq=56108795
0311 <-   192.168.65.31  3375  <0.001    52   Ack Psh Win=8192 Seq=56108795
0312 <-   192.168.65.31  3375  <0.001  1492   Ack Win=8192 Seq=56108795
0313 <-   192.168.65.31  3375  <0.001  1492   Ack Win=8192 Seq=56108939
0314 <-   192.168.65.31  3375  <0.001  1268   Ack Psh Win=8192 Seq=56109083
0315 ->   192.168.65.31  3375  <0.001    52   Ack Psh Win=0 Seq=2513116335
0316 ->   192.168.65.31  3375  <0.001  1076   Ack Psh Win=0 Seq=2513116335
0317 ->   192.168.65.31  3375  <0.001  1076   Ack Psh Win=2048 Seq=25131173
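The window accounting in this example can be reproduced from the Bytes and Win columns alone. The following Python is an added example, not part of the product or its documentation; it parses the line layout of the panel above and assumes a 52-byte IP and TCP header (`header`), which is the size of the data-less packets in that panel.

```python
import re

# Constructed sample: packet lines copied from the Packet List panel above.
PANEL = """\
0309 -> 192.168.65.31 3375 <0.001 52 Ack Psh Win=4096 Seq=25131163
0310 <- 192.168.65.31 3375 0.001 52 Ack Psh Win=6144 Seq=56108795
0311 <- 192.168.65.31 3375 <0.001 52 Ack Psh Win=8192 Seq=56108795
0312 <- 192.168.65.31 3375 <0.001 1492 Ack Win=8192 Seq=56108795
0313 <- 192.168.65.31 3375 <0.001 1492 Ack Win=8192 Seq=56108939
0314 <- 192.168.65.31 3375 <0.001 1268 Ack Psh Win=8192 Seq=56109083
0315 -> 192.168.65.31 3375 <0.001 52 Ack Psh Win=0 Seq=2513116335
0316 -> 192.168.65.31 3375 <0.001 1076 Ack Psh Win=0 Seq=2513116335
0317 -> 192.168.65.31 3375 <0.001 1076 Ack Psh Win=2048 Seq=25131173
"""

# number, direction, foreign host, port, +Time, Bytes, ... Win=n
LINE = re.compile(
    r"^(\d+)\s+(->|<-)\s+\S+\s+\d+\s+<?[\d.]+\s+(\d+)\s.*?\bWin=(\d+)")

def window_events(panel, header=52):
    """Track the local receive window and report when it closes and reopens.

    header is an assumption: the size of a segment without data in this
    trace (20-byte IP header plus 32-byte TCP header with timestamps).
    Returns ("closed", packet, advertised_window, bytes_received) and
    ("reopened", packet, new_window) tuples in trace order.
    """
    events, win, received = [], None, 0
    for raw in panel.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # panel header or blank line
        num, direction = int(m.group(1)), m.group(2)
        size, advertised = int(m.group(3)), int(m.group(4))
        if direction == "<-":
            # Inbound data fills the buffer behind the advertised window.
            received += max(0, size - header)
            continue
        if win and advertised == 0:
            events.append(("closed", num, win, received))
        elif win == 0 and advertised > 0:
            events.append(("reopened", num, advertised))
        # Each outbound packet carries a fresh advertisement.
        win, received = advertised, 0
    return events
```

For the sample, the function reports the window closing at packet 315 after 4096 bytes arrived against an advertised 4096, and reopening at packet 317 with 2048 bytes.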

View a Trace from a Resource or a Connection

After you have started a trace, you can view the traced packets.

To view a trace from a resource or a connection, enter PTV next to the resource or connection.

The SmartTrace : Packet List appears.

View a Trace from the Packet Tracing Menu

The Packet Tracing Menu lets you list running or saved traces, which you can view.

To view a trace from the Packet Tracing Menu

  1. Enter /IPPKT at the prompt.

    The Packet Tracing Menu appears.

  2. Select the option for the type of definitions that you want to display.

    The SmartTrace : Packet Trace Definitions panel appears.

  3. Position your cursor next to the definition for the packet trace you want to view, and press Enter.

    The definition expands to list the packet traces.

  4. Enter V (View) or S next to the packet trace.

    The SmartTrace : Packet List appears, listing the packets in the trace.

    Note: If authorized, you can enter the EE command at the Command prompt to view UDP packets as EE packets.

  5. (Optional) Enter PRINTLIST at the Command prompt to print the packets list.

Locate Packet Data

On a Packet List panel, you can tag packets that contain the data you want to find. You use the TAG command to specify the data you want to locate. The command searches the content of the packets (excluding the IP header) for the specified data. The packets in which the data is located are identified by a TAG flag. You can then use the FIND command to find these flags to locate those packets.

To locate packet data in the listed packets

  1. Enter TAG.

    The TAG Command Prompt panel appears.

  2. Specify the data you want to locate, and then press F6 (Action).

    Packets that contain the specified data are tagged, for example:

    0003 192.168.65.11 2859 <- 192.168.65.61  1817  0.001   82 Ack Psh
    0004 192.168.65.11 3001 <- 172.24.122.222 4607  0.009   50 Ack Psh
    TAG* 192.168.65.11 3001 -> 172.24.122.222 4607  0.009 1492 Ack
    TAG2 192.168.65.11 3001 -> 172.24.122.222 4607 <0.001 1456 Ack Psh
    0007 192.168.65.11 7005 <- 172.31.9.182   2347  0.147   48 Syn

  3. Use the FIND command to find the tags:

    TAGn

    Indicates that the packet contains the data string specified by the nth tag.

    TAG+

    Indicates that the packet contains some of the data strings to be located.

    TAG*

    Indicates that the packet contains all the data strings to be located.

To clear selected tags, enter TAGCLR and select the tags to clear.

To clear all tags, enter TAGCLR ALL or press F3 (Exit) to exit the Packet List panel.

Decode Packet Data for Specific Protocols and Ports

Decoding interprets the packet contents according to the specific protocol and application. When a packet is decoded, its data is broken down into individual elements (for example, commands and flags). Whenever possible, the meaning of each element is displayed in readable text. When a packet is not decoded, its data is displayed in hexadecimal dump format with the corresponding EBCDIC and ASCII translations.

TCP packets on the ports specified in the SMARTTRACE parameter group are decoded. The following protocols are decoded:

In addition to this decoding, you can enter the DECODE command on a Packet List panel to decode TCP packet data for other DRDA, FTP, HTTP, and Telnet ports. Decoding applies to the current session. If you exit the panel and then reenter it, enter the command again to perform specific decoding.

Packets that use the following protocols are also decoded by default:

Note: Only data packets with header information are decoded. If the data spans multiple packets, only the first packet is decoded.

To decode packet data for other ports

  1. Enter DECODE.

    The DECODE Command Prompt panel appears.

  2. Specify the port number for the ports you want to decode, and press F6 (Action).

    A message appears, indicating that ports are defined for decoding. Part of the decoded information appears under Summary Information.

  3. Enter S next to a decoded packet to view all the decoded information.

    The Formatted Packet Display panel appears, showing the decoded information.

After you specify the decoding of certain ports, you can disable their decoding for the currently listed packets by server port type.

To disable the decoding of user-specified ports for a server type, enter DECODE server_port_type OFF.

Note: For more information about the syntax of the command, see the online help.

Example: Decoding of Packets on Port 21

The following example shows the decoding of Port 21:

Definition FTP31      Stack .... TCPIP11
Description USER001 FTP                        Protocol TCP

     Local Host     LPort Dir  Foreign Host   Port  +Time   Bytes  Summary
0001 192.168.65.11  1433  ->   192.168.65.31  21    -         78   Req: PO
0002 192.168.65.11  1433  <-   192.168.65.31  21    <0.001    74   Rsp: 20
0003 192.168.65.11  1433  ->   192.168.65.31  21    <0.001    58   Req: NL
0004 192.168.65.11  1471  <-   192.168.65.31  20    0.092     60   Syn
0005 192.168.65.11  1471  ->   192.168.65.31  20    <0.001    60   Ack Syn
0006 192.168.65.11  1471  <-   192.168.65.31  20    <0.001    52   Ack
0007 192.168.65.11  1433  <-   192.168.65.31  21    <0.001    73   Rsp: 12
0008 192.168.65.11  1471  <-   192.168.65.31  20    <0.001    84   Ack Psh
0009 192.168.65.11  1471  <-   192.168.65.31  20    <0.001    52   Ack Psh
0010 192.168.65.11  1471  ->   192.168.65.31  20    <0.001    52   Ack
0011 192.168.65.11  1471  ->   192.168.65.31  20    <0.001    52   Ack Psh
0012 192.168.65.11  1471  <-   192.168.65.31  20    <0.001    52   Ack Psh
0013 192.168.65.11  1433  ->   192.168.65.31  21    0.214     52   Ack Psh

     Summary Information
0001 Req: PORT 141,202,65,11,5,191
0002 Rsp: 200 Port request OK.
0003 Req: NLST
0004 Syn Win=65535 Seq=3986067402 MaxSeg=1452 WScale=3 TimeStamp
0005 Ack Syn Win=65535 Seq=1354158791 Ack=3986067403 MaxSeg=1452 WScale=3
0006 Ack Win=32768 Seq=3986067403 Ack=1354158792 TimeStamp
0007 Rsp: 125 List started OK
0008 Ack Psh Win=32768 Seq=3986067403 Ack=1354158792 TimeStamp
0009 Ack Psh Fin Win=32768 Seq=3986067435 Ack=1354158792 TimeStamp
0010 Ack Win=32768 Seq=1354158792 Ack=3986067436 TimeStamp
0011 Ack Psh Fin Win=32768 Seq=1354158792 Ack=3986067436 TimeStamp
0012 Ack Psh Win=32768 Seq=3986067436 Ack=1354158793 TimeStamp
0013 Ack Psh Win=32747 Seq=1351125108 Ack=3978318867 TimeStamp

Packets 1 through 3 and 7, which use Port 21, are decoded.

Packets 4 through 6 and 8 through 12, which do not use Port 21, are not decoded.

Packet 13, which uses Port 21, is not decoded because it contains no data.