DOCSLIB.ORG

TCP/IP Monitoring by Trevor Eddolls

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
TCP/IP Monitoring by Trevor Eddolls TCP/IP Monitoring By Trevor Eddolls TCP/IP stacks are NETSTAT ARP ALL|ipaddress displays ARP cache for the MAINFRAME-BASED ubiquitous, and are TCP/IP stack. used to allow access to mainframe data from other platforms and to NETSTAT DEV displays the status of the device(s) and link(s) transfer files around the network. for the TCP/IP stack. Accessing mainframe data can be achieved using a telnet service NETSTAT GATE|ROUTE displays routing information for the called TN3270E (in reality a standard 3270 screen protocol inside spe- TCP/IP stack. cial headers and trailers giving a telnet packet). There are TCP/IP NETSTAT HOME displays IP address(es) for the stack. stacks on the mainframe platform and on the other platforms (e.g. PCs and UNIX boxes) in the network and they handle the necessary hand- NETSTAT commands are probably most useful when you already shaking and verification to ensure the data is transferred successfully. have some idea of what the problem is and you are looking for more A socket interface is then used at the mainframe end to connect with information. Although NETSTAT commands indicate active ports, CICS, for example. they provide little information about non-TCP activity on the network Data transfer uses FTP. The mainframe and the other platforms use (such as UDP, ICMP, and OSPF) because these protocols are connec- the TCP/IP protocol to ensure that all the packets that are sent arrive tionless in nature. There is no way of showing connections being successfully. rejected because a server is down or simply unable to accept new con- When there is a problem with the network, it can be very hard to nections. Another difficulty with NETSTAT is that users must remem- identify. In fact, it can be hard deciding where to look first. There are ber the commands (or create a REXX EXEC containing them). There many ways of finding out where problems may have occurred and this is no simple GUI (Graphical User Interface). NETSTAT commands do article describes some of them. not form the basis for regular monitoring because of the potentially large amount of data that can be returned and the difficulty of doing COMMANDS anything with this data—like having to screen scrape it into another application. Let’s start with the simplest method, which is to use NETSTAT Another useful command is PING. This is used to test the connec- commands. The NETSTAT command is used to display the TCP/IP tion between the local server and a remote server. The name and pass- network protocol statistics and information. It can be used from word of the administrator client issuing this command must be defined Windows and UNIX platforms as well as from the mainframe. With on the remote server and the person issuing the command must have USS, the command is ONETSTAT. The following commands can be system privilege. used from TSO: To test the connection to a server called server1 the command would be: NETSTAT option {TCP procname} displays the network status ping server server1 of the local host. ? can be used for a list of all the options. From TSO: NETSTAT ALLCON|CONN displays port connections for the TCP/IP stack. PING hostname Technical Support | February 2005 ©2005 Technical Enterprises, Inc. Reproduction of this document without permission is prohibited. This would send an echo request to a host V TCPIP,{procname},Telnet,xxxx to SNMP public MIBs name or address to determine whether the perform a specified function for TELNET. z/OS extensions computer is accessible. OSA/ATM PING can also be used as a simple measure VTAM commands related to OSA cards OMPRoute of response time. PING sends out a block of that might be useful include: SLA subagent data using an ICMP echo request. The response time is how long it takes for that D NET,ID=name displays the network It makes use of the OSNMP and SNMPQE block of data to be returned. It is not a reliable named in the ID field. Additional address spaces. To get information from other measure of response time because most users parameters that may be added include: platforms, it makes use of agents. Both these are not using ICMP (which may travel over a ,SCOPE=ONLY|ACT|ALL|INACT,E things have a negative impact on performance. different route through the network compared which gives extended information about SNMP would seem like the ideal way to to TCP or UDP traffic), ICMP packets can be the node. monitor IP-related data. However, the infor- given different priorities by intermediate D NET,MAJNODES|APPLS shows the mation is retrieved by polling. This means routers, and users send and receive different status of all the active major nodes or there is always a delay between the informa- sized packets. Another problem is that sending applications. tion being stored in the MIB and being avail- a host of PINGs is a way to attack a stack, so D NET,PENDING lists all the nodes in able to the monitoring software. The second firewalls are often configured to block PINGs. pending states. problem is that every data item in the MIB has The traceroute command is used to identify V NET,ACT,ID=name activates the its own unique address or textual name. This the hops from one part of the network to the VTAM resource identified by the name. has to be supplied by the monitor in each GET next. With z/OS, the command is TRAC- V NET,INACT,ID=name inactivates the instruction. As each GET request requires one ERTE, with DOS it’s tracert, and with UNIX VTAM resource identified by the name. UDP datagram to be sent to the SNMP port it’s traceroute. From TSO you would enter: (161) on z/OS, and the response from the sub- SMF RECORDS agent is another UDP datagram, this adds to TRACERTE hostname the load on the network. SMF records can be used to provide infor- MVS or VTAM commands can be used to mation on mainframe performance, not just TRACES help diagnose TCP/IP performance problems. TCP/IP. With OS/390, type 118 SMF records z/OS console commands for TCP/IP include: provide data on TCP initiation, TCP termina- Packet traces can be very useful in identify- tion, ftp servers, ftp clients, and statistics. ing where a problem is. It works by allowing a D TCPIP to list the names and status of z/OS has type 119 SMF records, which pro- monitor product to be aware of all the IP pack- TCP/IP stacks. vides data on TCP initiation, TCP termination, ets flowing through the TCP/IP stack (and this D TCPIP,{procname},HELP to display ftp servers, ftp clients, statistics, servers, and includes UDP, ICMP, and OSPF packets). This a list of TCP/IP display options. interface. It also includes round-trip times and interface is event driven. The monitor builds a D TCPIP,{procname},Netstat, retransmissions for each TCP connection in complete picture of all IP-related activity, in ALLCONN|CONN to display socket the TCP termination record. Software can then real-time, by analyzing the packet headers, information for the TCP/IP stack. pick up the information from the SMF together with the maintenance of statistics D TCPIP,{procname},Netstat,ARP to records. The good news is that SMF exit- based on packet counts and lengths. display the contents of the ARP cache based monitoring forces the collection of There are two big drawbacks with this way for the TCP/IP stack. SMF records from TCP/IP. The downside is of monitoring. First, the amount of CPU time, D TCPIP,{procname},Netstat,DEVlinks that if the information is not needed there is paging rates, and virtual storage required can be to display device and link status for the an unnecessary system overhead with the large—and increases whenever the network TCP/IP stack. associated performance implication. traffic increases. Second, there can be a prob- D TCPIP,{procname},Netstat,HOME lem with selecting what data will be monitored. to display the IP address(es) for the SNMP TCP/IP stack. TCP1/IP MONITORING SOFT- D TCPIP,{procname},Netstat,ROUTE Most network hardware and software ven- WARE to display the routing table for the dors implement SNMP (Simple Network TCP/IP stack. Management Protocol) Management Inform- What’s needed is software that gives users V TCPIP,{procname},HELP to display ation Bases (MIBs) or diagnostic databases in real-time information about problems as they a list of TCP/IP vary options. their products. Various products provide are developing, and historical information for V TCPIP,{procname},PURGECACHE, generic access to SNMP MIBs. Usually a identifying trends. An easy to understand pic- linkname to purge the ARP cache for the vendor provides a product to access its own ture with drill-down ability would also be specified adapter (linkname is found from MIBs. Monitors accessing the data held in the nice. More over, the product should not dupli- the NETSTAT,DEVLINKS command). MIBs use the UDP-based SNMP protocol. cate information already on the system or V TCPIP,{procname},START|STOP, TCP/IP stack errors can often be found by consume too much valuable system resource devname to start or stop the device using SNMP. The z/OS MIB (1.2, 1.3, and acquiring and presenting the information. name identified in the NETSTAT DEV 1.4) has hundreds of variables. The major sec- And that’s what most of the third-party soft- output. tions in the z/OS MIB are: ware does.
Load more

Recommended publications
  • Mac Keyboard Shortcuts Cut, Copy, Paste, and Other Common Shortcuts
    Mac keyboard shortcuts By pressing a combination of keys, you can do things that normally need a mouse, trackpad, or other input device. To use a keyboard shortcut, hold down one or more modifier keys while pressing the last key of the shortcut. For example, to use the shortcut Command-C (copy), hold down Command, press C, then release both keys. Mac menus and keyboards often use symbols for certain keys, including the modifier keys: Command ⌘ Option ⌥ Caps Lock ⇪ Shift ⇧ Control ⌃ Fn If you're using a keyboard made for Windows PCs, use the Alt key instead of Option, and the Windows logo key instead of Command. Some Mac keyboards and shortcuts use special keys in the top row, which include icons for volume, display brightness, and other functions. Press the icon key to perform that function, or combine it with the Fn key to use it as an F1, F2, F3, or other standard function key. To learn more shortcuts, check the menus of the app you're using. Every app can have its own shortcuts, and shortcuts that work in one app may not work in another. Cut, copy, paste, and other common shortcuts Shortcut Description Command-X Cut: Remove the selected item and copy it to the Clipboard. Command-C Copy the selected item to the Clipboard. This also works for files in the Finder. Command-V Paste the contents of the Clipboard into the current document or app. This also works for files in the Finder. Command-Z Undo the previous command. You can then press Command-Shift-Z to Redo, reversing the undo command.
    [Show full text]
  • This Document Explains How to Copy Ondemand5 Data to Your Hard Drive
    Copying Your Repair DVD Data To Your Hard Drive Introduction This document explains how to copy OnDemand5 Repair data to your hard drive, and how to configure your OnDemand software appropriately. The document is intended for your network professional as a practical guide for implementing Mitchell1’s quarterly updates. The document provides two methods; one using the Xcopy command in a DOS window, and the other using standard Windows Copy and Paste functionality. Preparing your System You will need 8 Gigabytes of free space per DVD to be copied onto a hard drive. Be sure you have the necessary space before beginning this procedure. Turn off screen savers, power down options or any other program that may interfere with this process. IMPORTANT NOTICE – USE AT YOUR OWN RISK: This information is provided as a courtesy to assist those who desire to copy their DVD disks to their hard drive. Minimal technical assistance is available for this procedure. It is not recommended due to the high probability of failure due to DVD drive/disk read problems, over heating, hard drive write errors and memory overrun issues. This procedure is very detailed and should only be performed by users who are very familiar with Windows and/or DOS commands. Novice computers users should not attempt this procedure. Copying Repair data from a DVD is a time-consuming process. Depending on the speed of your processor and/or network, could easily require two or more hours per disk. For this reason, we recommend that you perform the actual copying of data during non-business evening or weekend hours.
    [Show full text]
  • Powerview Command Reference
    PowerView Command Reference TRACE32 Online Help TRACE32 Directory TRACE32 Index TRACE32 Documents ...................................................................................................................... PowerView User Interface ............................................................................................................ PowerView Command Reference .............................................................................................1 History ...................................................................................................................................... 12 ABORT ...................................................................................................................................... 13 ABORT Abort driver program 13 AREA ........................................................................................................................................ 14 AREA Message windows 14 AREA.CLEAR Clear area 15 AREA.CLOSE Close output file 15 AREA.Create Create or modify message area 16 AREA.Delete Delete message area 17 AREA.List Display a detailed list off all message areas 18 AREA.OPEN Open output file 20 AREA.PIPE Redirect area to stdout 21 AREA.RESet Reset areas 21 AREA.SAVE Save AREA window contents to file 21 AREA.Select Select area 22 AREA.STDERR Redirect area to stderr 23 AREA.STDOUT Redirect area to stdout 23 AREA.view Display message area in AREA window 24 AutoSTOre ..............................................................................................................................
    [Show full text]
  • Creating and Formatting Partitions
    Creating and formatting partitions Home Download Docs FAQ Forum Creating and formatting partitions SUNDAY, 14 NOVEMBER 2010 12:27 JAY Creating & formatting partitions in Porteus There are two ways to do things in Porteus. Using a GUI (graphical User Interface) or from a console prompt. If you prefer using a GUI then you can download a module called 'gparted' which takes care of creating and modifying partitions. Double click the module from within Porteus to activate it or place the module in the modules folder if you want it to be available automatically when you boot Porteus. Click here to get gparted. Once activated it should appear in your menu system and you can start it and create your partitions. If it does not exist in the menu then open a console and type: gparted Creating partitions from a console: There is a built in application to modify your partition table in Porteus. It is called cfdisk and gives you a CUI (console user interface) to manage your partition through. Simply open your console and type: cfdisk Another built in function for modifying partitions is called fdisk which also uses a CUI. The benefit of fdisk is that it can be called from a script. You should know the path of your USB device before using this option which you can get from typing: fdisk -l at console. Once you know the path of your USB device you would start fdisk by typing: fdisk /dev/sdb where sdb is the path of your usb. Don't include the number on the end (for example /dev/sdb1) as you will need to modify the entire devices partition table.
    [Show full text]
  • Configuring Your Login Session
    SSCC Pub.# 7-9 Last revised: 5/18/99 Configuring Your Login Session When you log into UNIX, you are running a program called a shell. The shell is the program that provides you with the prompt and that submits to the computer commands that you type on the command line. This shell is highly configurable. It has already been partially configured for you, but it is possible to change the way that the shell runs. Many shells run under UNIX. The shell that SSCC users use by default is called the tcsh, pronounced "Tee-Cee-shell", or more simply, the C shell. The C shell can be configured using three files called .login, .cshrc, and .logout, which reside in your home directory. Also, many other programs can be configured using the C shell's configuration files. Below are sample configuration files for the C shell and explanations of the commands contained within these files. As you find commands that you would like to include in your configuration files, use an editor (such as EMACS or nuTPU) to add the lines to your own configuration files. Since the first character of configuration files is a dot ("."), the files are called "dot files". They are also called "hidden files" because you cannot see them when you type the ls command. They can only be listed when using the -a option with the ls command. Other commands may have their own setup files. These files almost always begin with a dot and often end with the letters "rc", which stands for "run commands".
    [Show full text]
  • System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1
    SUSE Linux Enterprise Server 15 SP1 System Analysis and Tuning Guide System Analysis and Tuning Guide SUSE Linux Enterprise Server 15 SP1 An administrator's guide for problem detection, resolution and optimization. Find how to inspect and optimize your system by means of monitoring tools and how to eciently manage resources. Also contains an overview of common problems and solutions and of additional help and documentation resources. Publication Date: September 24, 2021 SUSE LLC 1800 South Novell Place Provo, UT 84606 USA https://documentation.suse.com Copyright © 2006– 2021 SUSE LLC and contributors. All rights reserved. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or (at your option) version 1.3; with the Invariant Section being this copyright notice and license. A copy of the license version 1.2 is included in the section entitled “GNU Free Documentation License”. For SUSE trademarks, see https://www.suse.com/company/legal/ . All other third-party trademarks are the property of their respective owners. Trademark symbols (®, ™ etc.) denote trademarks of SUSE and its aliates. Asterisks (*) denote third-party trademarks. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LLC, its aliates, the authors nor the translators shall be held liable for possible errors or the consequences thereof. Contents About This Guide xii 1 Available Documentation xiii
    [Show full text]
  • Service Information
    Service Information VAS Tester Number: AVT-14-20 Subject: VAS Diagnostic Device Hard Disc Maintenance Date: Sept. 24, 2014 Supersedes AVT-12-12 due to updated information. 1.0 – Introduction If persistent diagnostic software or Windows® 7 operating system error messages are displayed while installing or using the diagnostic software, use the Windows CHKDSK utility to check hard disk integrity and fix logical file system errors. CHKDSK can also handle some physical errors and may be able to recover lost data that is readable. We recommend the CHKDSK utility be run on a regular basis on all VAS diagnostic devices in service. Consult with your dealership Systems Administrator or IT Professional about checking the integrity of the hard disk as described below on a regular basis, as well as regular performance of the Windows DEFRAG utility. 2.0 – Procedure Prerequisites: Device plugged into power adapter and booted to Windows desktop 1. Go to Windows Start > Computer 2. Right click/select Local Disk (C:) and select Properties from the dropdown menu: Continued… 2/ Page 1 of 3 © 2014 Audi of America, Inc. All rights reserved. Information contained in this document is based on the latest information available at the time of printing and is subject to the copyright and other intellectual property rights of Audi of America, Inc., its affiliated companies and its licensors. All rights are reserved to make changes at any time without notice. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, nor may these materials be modified or reposted to other sites, without the prior expressed written permission of the publisher.
    [Show full text]
  • 13 Using the Do-File Editor—Automating Stata
    13 Using the Do-file Editor—automating Stata The Do-file Editor Stata comes with an integrated text editor called the Do-file Editor, which can be used for many tasks. It gets its name from the term do-file, which is a file containing a list of commands for Stata to run (called a batch file or a script in other settings). See [U] 16 Do-files for more information. Although the Do-file Editor has advanced features that can help in writing such files, it can also be used to build up a series of commands that can then be submitted to Stata all at once. This feature can be handy when writing a loop to process multiple variables in a similar fashion or when doing complex, repetitive tasks interactively. To get the most from this chapter, you should work through it at your computer. Start by opening the Do-file Editor, either by clicking on the Do-file Editor button, , or by typing doedit in the Command window and pressing Enter. The Do-file Editor toolbar The Do-file Editor has 15 buttons. Many of the buttons share a similar purpose with their look-alikes in the main Stata toolbar. If you ever forget what a button does, hover the mouse pointer over a button, and a tooltip will appear. New: Open a new do-file in a new tab in the Do-file Editor. Open: Open a do-file from disk in a new tab in the Do-file Editor. Save: Save the current file to disk.
    [Show full text]
  • Tectips: Hidden FDISK(32) Options
    WHITE PAPER TecTips: Hidden FDISK(32) Options Guide Previously Undocumented Options of the FDISK Utility Released Under Microsoft Windows95™ OSR2 or Later Abstract 2 Document Conventions 2 Read This First 3 Best-Case Scenario 3 Windows Startup Disk 3 How to apply these options 3 FDISK(32) Options 4 Informational Options 4 Behavioral Options 5 Functional Options 6 February, 2000 Content ©1999 StorageSoft Corporation, all rights reserved Authored by Doug Hassell, In-house Technical Writer StorageSoft White Paper page 2 FDISK(32) Command Line Options Abstract Anyone that remembers setting-up Windows 3.x or the first Win95 release surely knows of the text-based utility, fdisk.exe. Some of those may even be aware of the few, documented switches, such as /status, /x or even the commonly referenced /mbr. Even fewer would be aware of the large table of undocumented command-line options - including automated creation, reboot behavior, and other modifiers - which we will divulge in this document. Note that all options given here are not fully tested, nor are they guaranteed to work in all scenarios, all commands referenced apply to the contemporary release of Win95 (OSR2 - version “B” - or later, including Win98 and the up-and-coming Millennium™ edition). For our recommendation on how to use these swtiches, please refer to the “Read This First” section. Document Conventions In this document are certain references that deserve special recognition. This is done through special text- formatting conventions, described here… v Words and phrases of particular importance will stand-out. Each occurrence of this style will generally indicate a critical condition or pitfall that deserves specific attention.
    [Show full text]
  • Partition-Rescue
    Partition-Rescue Revision History Revision 1 2008-11-24 09:27:50 Revised by: jdd mainly title change in the wiki Partition-Rescue Table of Contents 1. Revision History..............................................................................................................................................1 2. Beginning.........................................................................................................................................................2 2.1. What's in...........................................................................................................................................2 2.2. What to do right now?.......................................................................................................................2 2.3. Legal stuff.........................................................................................................................................2 2.4. What do I need to know right now?..................................................................................................3 3. Technical info..................................................................................................................................................4 3.1. Disks.................................................................................................................................................4 3.2. Partitions...........................................................................................................................................4 3.3. Why is
    [Show full text]
  • Class-4 Computer L-5 Introduction to Microsoft Word 2016
    CLASS-4 COMPUTER L-5 INTRODUCTION TO MICROSOFT WORD 2016 BOOK EXERCISE A. Tick () the correct options. 1. Which of the following is an extension of Microsoft Word document? a. .dod ( ) b. .docx () c. .dob ( ) 2. A vertical blinking line in a Word document is called a. pointer ( ) b. indicator ( ) c. cursor () 3. Which of the following is pressed to cancel the last action? a. Ctrl + X ( ) b. Ctrl + Z () c. Ctrl + Y ( ) 4. In which ribbon is the FONT group present? a. Insert ( ) b. Home () c. Review ( ) 5. To create a duplicate copy of a text in a Word document, you use Copy and Paste. a. Cut and Paste ( ) b. Copy and Paste () c. Redo and Paste ( ) B. Fill in the blanks. Italic cut word processor cursor’s clipboard 1. Microsoft Word is a word processor. 2. To create a document, you simply start typing text from the cursor’s position. 3. The paste button is present in the clipboard group. 4. The keyboard shortcut Ctrl + X is used to cut the selected text. 5. The italic button gives a tilted effect to the text. CLASS-4 COMPUTER L-5 INTRODUCTION TO MICROSOFT WORD 2016 C. State ‘True’ or ‘False’. 1. Saving a document is required if you want to use it in future. True 2. The Undo command cancels the last action performed. True 3. The Cut and Paste command is used to create copy of the selected text. False 4. The Paste option is always highlighted after Copy or Cut operation. True 5. To open an existing document, click Home>> Open.
    [Show full text]
  • 15-744 Computer Networks — Spring 2017 Homework 2 Due by 3/2/2017, 10:30Am (Please Submit Through E-Mail to [email protected] and [email protected])
    15-744 Computer Networks | Spring 2017 Homework 2 Due by 3/2/2017, 10:30am (please submit through e-mail to [email protected] and [email protected]) Name: A Congestion Control 1. At time t, a TCP connection has a congestion window of 4000 bytes. The maximum segment size used by the connection is 1000 bytes. What is the congestion window after it sends out 4 packets and receives ACKs for all of them. (a) If the connection is in slow-start? Solution: 8000 bytes. In slow start, the sender increases its window for each byte successfully received. (b) If the connection is in congestion avoidance (AIMD mode)? Solution: 5000 bytes. The sender increases its window by one segment each window. 2. In congestion avoidance (CA) mode, a TCP sender increases the size of its congestion window by one maximum segment size (MSS) each RTT. Suppose a TCP implementation does this by increasing its congestion window by ∆ every time it receives an ACK, where MSS ∆ = · MSS current window size Knowing this, how can a greedy TCP receiver get more than its fair share of the link bandwidth? (Hint: Remember that the sequence number acknowledged by an ACK doesn't refer to a packet, but rather to a byte in the data stream.) Solution: The greedy receiver can send more than one ACK per MSS. For example, if the first packet from the sender contains bytes 0 − 999, the receiver might send two ACKs: one for byte 500 and one for byte 1000. Since the sender increases its window by ∆ for every ACK, it increases its window by 2∆ when it should only increase by ∆.
    [Show full text]