Trace IP traffic on AIX

Start the trace as an SRC subsystem. The quoted string after startsrc's -a is handed to iptrace itself: its -a suppresses ARP packets, -i en0 restricts the capture to that interface, and the last argument is the binary log file that iptrace writes:

#startsrc -s iptrace -a "-a -i en0 /tmp/log1804_13h"

Turn the binary log into a readable report with ipreport (-r decodes RPC packets, -n numbers the packets, -s prefixes every line with its protocol):

devtest2:root:/setup/wireshark186/rpm>ipreport -rns '/tmp/log1804_11h30' > /tmp/log1804_11h30_fmm.log
#ipreport -rns '/tmp/log1804_13h' > /tmp/log1804_13h_fmm.log

For a live view of one host's traffic, tcpdump gives the same without a log file:

#tcpdump -I -i en0 host 10.1.14.97

means:
-I = immediate mode, print each packet as it is captured instead of buffering (this is the AIX tcpdump flag; on a current libpcap-based tcpdump -I selects monitor mode, use --immediate-mode or -l there)
-i = which interface to use
host 10.1.14.97 = capture filter, only packets to or from that address

Stop the trace when you have enough; the log file is only written while the subsystem runs:

#stopsrc -s iptrace

result
IPTRACE version: 2.0

Packet Number 1
ETH: ====( 60 bytes received on interface en0 )==== 13:21:06.026038189
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587134425, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=1513, th_urp=0
TCP:         mss 1460

Packet Number 2
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:06.026053510
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57975, ip_off=0
IP:      ip_ttl=60, ip_sum=6c9a, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587134426
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=34bc, th_urp=0

Packet Number 3
ETH: ====( 60 bytes received on interface en0 )==== 13:21:07.026525419
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587138041, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=6f3, th_urp=0
TCP:         mss 1460

Packet Number 4
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:07.026539486
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57976, ip_off=0
IP:      ip_ttl=60, ip_sum=6c99, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587138042
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=269c, th_urp=0

Packet Number 5
ETH: ====( 60 bytes received on interface en0 )==== 13:21:08.024898935
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587141657, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=f8d2, th_urp=0
TCP:         mss 1460

Packet Number 6
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:08.024921011
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57977, ip_off=0
IP:      ip_ttl=60, ip_sum=6c98, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587141658
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=187c, th_urp=0

Packet Number 7
ETH: ====( 60 bytes received on interface en0 )==== 13:21:09.023192656
ETH:    [ 00:1f:c9:bd:b9:43 -> 00:1a:64:ad:1c:4e ]  type 800  (IP)
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=44, ip_id=0, ip_off=0
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_seq=3587145273, th_ack=0
TCP:     th_off=6, flags<SYN>
TCP:     th_win=2048, th_sum=eab2, th_urp=0
TCP:         mss 1460

Packet Number 8
ETH: ====( 60 bytes transmitted on interface en0 )==== 13:21:09.023216785
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=40, ip_id=57980, ip_off=0
IP:      ip_ttl=60, ip_sum=6c95, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_seq=0, th_ack=3587145274
TCP:     th_off=5, flags<RST | ACK>
TCP:     th_win=0, th_sum=a5c, th_urp=0

Packet Number 9
ETH: ====( 85 bytes transmitted on interface en0 )==== 13:21:09.062262682
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =     10.1.13.126 >  (DEVTEST2)
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=71, ip_id=57981, ip_off=0
IP:      ip_ttl=30, ip_sum=8a48, ip_p = 17 (UDP)
UDP:     <source port=36911, <destination port=161(snmp) >
UDP:     [ udp length = 51 | udp checksum = a88 ]
UDP: 00000000     30290201 00040670 75626c69 63a01c02     |0)....public...|
UDP: 00000010     01010201 00020100 3011300f 060b2b06     |........0.0...+.|
UDP: 00000020     01040102 02010101 000500                |...........     |

Packet Number 10
ETH: ====( 1812 bytes transmitted on interface en0 )==== 13:21:09.648737534
ETH:    [ 00:1a:64:ad:1c:4e -> 00:1f:c9:bd:b9:43 ]  type 800  (IP)
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.11.14 >
IP:      ip_v=4, ip_hl=20, ip_tos=0, ip_len=1798, ip_id=57982, ip_off=0
IP:      ip_ttl=60, ip_sum=ffff, ip_p = 6 (TCP)
TCP:     <source port=62050, destination port=1918(can-nds) >
TCP:     th_seq=1033412937, th_ack=985700387
TCP:     th_off=8, flags<PUSH | ACK>
TCP:     th_win=33304, th_sum=5a8, th_urp=0
TCP:         nop
TCP:         nop
TCP:         timestamps TSVal: 0x51d4ae8a  TSEcho: 0x00655e7a
TCP: 00000000     04080600 1780077e 04008c00 00000000     |.......~........|
TCP: 00000010     5e3d67a8 d3450000 028100e7 48000000     |^=g..E......H...|
TCP: 00000020     6f21c4ad 7f330000 02c6d223 0c000000     |o!...3.....#....|
TCP: 00000030     ed667655 8c745858 22020a01 0d7e88d0     |.fvU.tXX"....~..|
TCP: 00000040     51656dfb 00000083 0000c2cd 0002000a     |Qem.............|
TCP: 00000050     ffad03b0 00000000 23b018b9 115003dd     |........#....P..|
TCP: 00000060     00030000 00000000 23b018b9 00000244     |........#......D|
TCP: 00000070     00000001 00000002 00034445 56544553     |..........DEVTES|
TCP: 00000080     54323a4b 55582020 20202020 20202020     |T2:KUX          |
TCP: 00000090     20202020 20202020 20202020 20202020     |                |
TCP: ********

What the trace shows: 10.1.13.92 sends a SYN from source port 2051 to port 6569 on devtest2 once a second (packets 1, 3, 5, 7) and gets RST|ACK back every time (packets 2, 4, 6, 8), so nothing is listening on 6569. Each SYN carries a new sequence number and reuses the same source port at a fixed one-second interval, which makes them separate probes rather than TCP retransmissions (those back off and keep the sequence number); a port checker or monitoring script on 10.1.13.92 is the usual explanation. Packet 9 is an SNMPv1 GetRequest from devtest2 to 10.1.13.126, and the hex dump shows the community string in the clear (04 06 70 75 62 6c 69 63 is the OCTET STRING "public"): SNMPv1/v2c has no encryption, so anyone on the path, or anyone who can read the trace file, gets it. Packet 10 is application data on port 1918 with the string DEVTEST2:KUX readable in the payload; the ******** line marks where ipreport truncates the dump. Because iptrace records full payloads, treat /tmp/log1804_13h and the ipreport output as sensitive: /tmp is world-readable, so chmod 600 them or write them to a restricted directory, and delete them when the analysis is done.
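Added example (my own Python, not part of this post and not an AIX or IBM tool): a small parser for the ipreport -rns text format shown above that pairs every SYN with the RST|ACK answering it and decodes an SNMP message just far enough to read the version, community string and PDU type. The SAMPLE text is three packets copied from the output above (the first SYN, its RST|ACK and the SNMP GetRequest) with the lines the parser does not use dropped; the parser only knows the IP/TCP/UDP lines in that format and the BER reader only walks the outer layers of an SNMPv1/v2c message, both assumptions of the example.

```python
import re
from collections import Counter

# Constructed sample: three packets copied from the ipreport -rns output above (the first
# SYN, its RST|ACK answer and the SNMP GetRequest); lines the parser does not need are dropped.
SAMPLE = """\
Packet Number 1
IP:      < SRC =      10.1.13.92 >
IP:      < DST =      10.1.14.97 >  (devtest2)
IP:      ip_ttl=29, ip_sum=6e0e, ip_p = 6 (TCP)
TCP:     <source port=2051(epnsdp), destination port=6569 >
TCP:     th_off=6, flags<SYN>

Packet Number 2
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =      10.1.13.92 >
IP:      ip_ttl=60, ip_sum=6c9a, ip_p = 6 (TCP)
TCP:     <source port=6569, destination port=2051(epnsdp) >
TCP:     th_off=5, flags<RST | ACK>

Packet Number 9
IP:      < SRC =      10.1.14.97 >  (devtest2)
IP:      < DST =     10.1.13.126 >  (DEVTEST2)
IP:      ip_ttl=30, ip_sum=8a48, ip_p = 17 (UDP)
UDP:     <source port=36911, <destination port=161(snmp) >
UDP: 00000000     30290201 00040670 75626c69 63a01c02     |0)....public...|
UDP: 00000010     01010201 00020100 3011300f 060b2b06     |........0.0...+.|
UDP: 00000020     01040102 02010101 000500                |...........     |
"""

PKT_RE = re.compile(r"^Packet Number (\d+)$", re.M)
HEX_RE = re.compile(r"^(?:TCP|UDP): [0-9a-f]{8}\s+([0-9a-f ]+?)\s*\|", re.M)

def _field(pattern, body):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def parse_ipreport(text):
    """Split ipreport -rns text into one dict per packet: addresses, ports, TCP flags, raw payload."""
    parts = PKT_RE.split(text)                      # ['', '1', body1, '2', body2, ...]
    packets = []
    for num, body in zip(parts[1::2], parts[2::2]):
        flags = _field(r"flags<([^>]*)>", body) or ""
        packets.append({
            "num": int(num),
            "src": _field(r"< SRC =\s+(\S+) >", body),
            "dst": _field(r"< DST =\s+(\S+) >", body),
            "proto": _field(r"ip_p = \d+ \((\w+)\)", body),
            "sport": int(_field(r"source port=(\d+)", body) or 0),
            "dport": int(_field(r"destination port=(\d+)", body) or 0),
            "flags": [f.strip() for f in flags.split("|") if f.strip()],
            # hex columns of the dump lines, joined back into the bytes that were on the wire
            "payload": bytes.fromhex("".join(HEX_RE.findall(body)).replace(" ", "")),
        })
    return packets

def closed_port_probes(packets):
    """Per (client, client port, server, server port): SYNs seen and RST|ACK answers to them."""
    syn, rst = Counter(), Counter()
    for p in packets:
        if p["proto"] != "TCP":
            continue
        if p["flags"] == ["SYN"]:
            syn[(p["src"], p["sport"], p["dst"], p["dport"])] += 1
        elif "RST" in p["flags"]:                   # the answer travels the other way: swap the ends
            rst[(p["dst"], p["dport"], p["src"], p["sport"])] += 1
    return {k: (syn[k], rst[k]) for k in syn if rst[k]}   # a RST for every SYN: nothing listens there

def _tlv(buf, pos):
    """One BER TLV at pos -> (tag, value, position after it); short and long-form lengths."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                               # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest", 0xA4: "Trap"}

def snmp_summary(payload):
    """Outer layers of an SNMPv1/v2c message: version, community string, PDU type (None if not SNMP)."""
    try:
        tag, msg, _ = _tlv(payload, 0)             # SEQUENCE { INTEGER version, OCTET STRING community, PDU }
        vtag, ver, pos = _tlv(msg, 0)
        ctag, community, pos = _tlv(msg, pos)
        ptag, _, _ = _tlv(msg, pos)
    except IndexError:
        return None
    if tag != 0x30 or vtag != 0x02 or ctag != 0x04:
        return None
    return {"version": {0: "v1", 1: "v2c"}.get(int.from_bytes(ver, "big"), "other"),
            "community": community.decode("ascii", "replace"), "pdu": PDU_NAMES.get(ptag, "0x%02x" % ptag)}

def cleartext_snmp(packets):
    """SNMPv1/v2c messages with the community string they carry in the clear (the trace file has it too)."""
    found = []
    for p in packets:
        info = snmp_summary(p["payload"]) if p["proto"] == "UDP" and 161 in (p["sport"], p["dport"]) else None
        if info:
            found.append((p["num"], p["src"], p["dst"], info))
    return found

if __name__ == "__main__":
    pkts = parse_ipreport(SAMPLE)
    print(closed_port_probes(pkts))
    print(cleartext_snmp(pkts))
```

To run it on a real report, replace SAMPLE with the contents of the ipreport output file (for example /tmp/log1804_13h_fmm.log); on the complete trace above the SYN/RST counter reports 4 SYN and 4 RST|ACK for 10.1.13.92:2051 -> 10.1.14.97:6569, and the SNMP reader returns version v1, PDU GetRequest, community "public" for packet 9.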

 
