Trace IP traffic on AIX

# startsrc -s iptrace -a "-a -i en0 /tmp/log1804_13h"
devtest2:root:/setup/wireshark186/rpm> ipreport -rns '/tmp/log1804_11h30' > /tmp/log1804_11h30_fmm.log
# ipreport -rns '/tmp/log1804_13h' > /tmp/log1804_13h_fmm.log

#tcpdump -I -i en0 host 10.1.14.97

where:
-I = immediate mode (capture the data as it arrives)
-i = the interface to capture on

Stop the trace when done:
# stopsrc -s iptrace

Result (ipreport output). Packets 1-8 are SYNs from 10.1.13.92 to port 6569 on devtest2, each answered with RST|ACK, i.e. nothing is listening on that port; packet 9 is an SNMP request sent by devtest2, and its community string is readable in the hex dump because SNMPv1/v2c carries it in clear text.
IPTRACE version: 2.0

Packet Number 1
ETH: ====( 60 bytes received on interface en0 )==== 13:21:06.026038189
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587134425, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=1513, th_urp=0
TCP:         mss 1460

Packet Number 2
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:06.026053510
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57975, ip_off=0
IP:      ip_ttl=60, ip_sum=6c9a, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587134426
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=34bc, th_urp=0

Packet Number 3
ETH: ====( 60 bytes received on interface en0 )==== 13:21:07.026525419
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587138041, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=6f3, th_urp=0
TCP:         mss 1460

Packet Number 4
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:07.026539486
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57976, ip_off=0
IP:      ip_ttl=60, ip_sum=6c99, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587138042
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=269c, th_urp=0

Packet Number 5
ETH: ====( 60 bytes received on interface en0 )==== 13:21:08.024898935
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587141657, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=f8d2, th_urp=0
TCP:         mss 1460

Packet Number 6
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:08.024921011
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57977, ip_off=0
IP:      ip_ttl=60, ip_sum=6c98, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587141658
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=187c, th_urp=0

Packet Number 7
ETH: ====( 60 bytes received on interface en0 )==== 13:21:09.023192656
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587145273, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=eab2, th_urp=0
TCP:         mss 1460

Packet Number 8
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:09.023216785
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57980, ip_off=0
IP:      ip_ttl=60, ip_sum=6c95, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587145274
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=a5c, th_urp=0

Packet Number 9
ETH: ====( 85 bytes transmitted on interface en0 )==== 13:21:09.062262682
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =     10.1.13.126 >  (DEVTEST2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=71, ip_id=57981, ip_off=0
IP:      ip_ttl=30, ip_sum=8a48, ip_p = 17 (UDP)
UDP:     <source port=36911, <destination port=161(snmp) >
UDP:     [ udp length = 51 | udp checksum = a88 ]
UDP: 00000000     30290201 00040670 75626c69 63a01c02     |0)…..public…|
UDP: 00000010     01010201 00020100 3011300f 060b2b06     |……..0.0…+.|
UDP: 00000020     01040102 02010101 000500                |………..     |

Packet Number 10
ETH: ====( 1812 bytes transmitted on interface en0 )==== 13:21:09.648737534
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.11.14 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=1798, ip_id=57982, ip_off=0
IP:      ip_ttl=60, ip_sum=ffff, ip_p = 6 (TCP)
TCP:     <source port=62050, destination port=1918(can-nds) >
TCP:     th_seq=1033412937, th_ack=985700387
TCP:     th_off=8, flags<PUSH | ACK>
TCP:     th_win=33304, th_sum=5a8, th_urp=0
TCP:         nop
TCP:         nop
TCP:         timestamps TSVal: 0x51d4ae8a  TSEcho: 0x00655e7a
TCP: 00000000     04080600 1780077e 04008c00 00000000     |…….~……..|
TCP: 00000010     5e3d67a8 d3450000 028100e7 48000000     |^=g..E……H…|
TCP: 00000020     6f21c4ad 7f330000 02c6d223 0c000000     |o!…3…..#….|
TCP: 00000030     ed667655 8c745858 22020a01 0d7e88d0     |.fvU.tXX”….~..|
TCP: 00000040     51656dfb 00000083 0000c2cd 0002000a     |Qem………….|
TCP: 00000050     ffad03b0 00000000 23b018b9 115003dd     |……..#….P..|
TCP: 00000060     00030000 00000000 23b018b9 00000244     |……..#……D|
TCP: 00000070     00000001 00000002 00034445 56544553     |……….DEVTES|
TCP: 00000080     54323a4b 55582020 20202020 20202020     |T2:KUX          |
TCP: 00000090     20202020 20202020 20202020 20202020     |                |
TCP: ********

 

Tips: Detecting and Resolving Locking Conflicts

/*Detecting and Resolving Locking Conflicts and Ora-00060 errors [ID 15476.1]
Collected by KhanhND
15/11/2012 */
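-- Find sessions blocked on a lock: a non-zero REQUEST means the session is
-- waiting for that lock rather than holding it.
SELECT sid, type, id1, id2, lmode, request, ctime, block
FROM v$lock
WHERE request != 0;

-- Find the holder of the lock identified above: &1 and &2 are the ID1/ID2
-- values of the lock we are waiting on. ID1/ID2 are numeric, so the
-- substitution variables are not quoted.
SELECT sid, type, id1, id2, lmode, request, ctime, block
FROM v$lock
WHERE type = 'TX'
  AND id1 = &1
  AND id2 = &2;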

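-- Show DML (table-level) locks currently held, one row per session/lock.
SELECT session_id,
       lock_type,
       mode_held,
       lock_id1
FROM dba_lock
WHERE lock_type = 'DML';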
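-- Show who is behind a given session (user, OS user, machine, program, SQL).
-- &sid is the SID to inspect (e.g. 1764 in the original case). SID is numeric,
-- so it is not quoted. On RAC the same SID can exist on several instances;
-- inst_id is selected so the rows can be told apart.
SELECT inst_id, sid, serial#, username, blocking_session_status, state, service_name,
       schemaname, osuser, machine, port, terminal, program, sql_id, module, action, logon_time
FROM gv$session
WHERE sid = &sid;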
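-- For each session waiting on a row lock, show its SQL, the locked object,
-- the blocking session and the SQL the blocker was running according to ASH
-- samples that touched the same object/file/block. v$sql has one row per
-- child cursor and ASH has many samples per session, so DISTINCT collapses
-- the duplicates; a blocker with no matching ASH sample yields no row.
SELECT DISTINCT
       w.sid              AS "waiting sid",
       ws.sql_text        AS "waiting SQL",
       w.row_wait_obj#    AS "locked object",
       w.blocking_session AS "blocking sid",
       bs.sql_text        AS "SQL from blocking session"
FROM v$session w
INNER JOIN v$sql ws
    ON ws.sql_id = w.sql_id
INNER JOIN v$active_session_history ash
    ON ash.session_id = w.blocking_session
   AND ash.current_obj# = w.row_wait_obj#
   AND ash.current_file# = w.row_wait_file#
   AND ash.current_block# = w.row_wait_block#
INNER JOIN v$sql bs
    ON bs.sql_id = ash.sql_id
WHERE w.event = 'enq: TX - row lock contention';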
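-- A session waiting on a resource can be found on the enqueue wait event.
-- 'enqueue' is the pre-10g event name; later releases break it out per
-- lock type (e.g. 'enq: TX - row lock contention').
SELECT sid, event, p1, p2, p3, wait_time, seconds_in_wait, state
FROM v$session_wait
WHERE event = 'enqueue';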

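-- Show all sessions currently waiting for any lock. wait_time = 0 means the
-- session is still in the wait (a positive value is the duration of its last
-- completed wait). sid is selected so the waiting session can be identified.
SELECT sid, event, p1, p2, p3
FROM v$session_wait
WHERE wait_time = 0
  AND event = 'enqueue';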
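-- From 10g the enqueue event is split per lock type; row-lock waits appear
-- under 'enq: TX - row lock contention'. For enqueue waits p1raw encodes the
-- lock type and mode, and p2/p3 correspond to ID1/ID2 in v$lock.
SELECT sid, p1raw, p2, p3
FROM v$session_wait
WHERE wait_time = 0
  AND event = 'enq: TX - row lock contention';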
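-- Sessions waiting for a TX lock (REQUEST > 0).
SELECT sid, id1, id2, lmode, request, ctime, block
FROM v$lock
WHERE type = 'TX'
  AND request > 0;

-- Sessions holding a TX lock (LMODE > 0). BLOCK = 1 marks a holder that is
-- currently blocking another session.
SELECT sid, id1, id2, lmode, request, ctime, block
FROM v$lock
WHERE type = 'TX'
  AND lmode > 0;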
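-- Segments that have accumulated the most row lock waits, busiest first.
-- ORDER BY names the column rather than its position so a change to the
-- select list cannot silently change the sort.
SELECT owner, object_name, subobject_name, value
FROM v$segment_statistics
WHERE statistic_name = 'row lock waits'
  AND value > 0
ORDER BY value DESC;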

Tips: Find AIX user characteristic and change unsuccessful login attempts

Alert:

3004-303 There have been too many unsuccessful login attempts; please see the system administrator

Check the AIX user's attributes:

<sojungle>@root:/etc/security>  lsuser -f  u_app01

Check the user's unsuccessful login counter with lsuser:

<sojungle>@root:/> /usr/sbin/lsuser -a unsuccessful_login_count u_app01

Then reset the counter with chsec (first confirm what caused the failed attempts, so that a lock-out produced by repeated bad logins is not cleared without investigation):

<sojungle>@root:/> /usr/bin/chsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s u_app01

Convert an epoch timestamp to a readable date:

# perl -e 'use POSIX;print ctime(1365039199)'

->Thu Apr  4 08:33:19 2013
