[an error occurred while processing this directive]
HP OpenVMS Systems Documentation |
HP TCP/IP Services for OpenVMS
|
Previous | Contents | Index |
The following restrictions apply to using tcpdump on OpenVMS:
When packets are copied by the TCP/IP kernel, it places them into a ring buffer that is emptied by tcpdump . If packets are received fast enough, the ring will fill up and the TCP/IP kernel discards (drops) packets until tcpdump has caught up. Because tcpdump has not seen these dropped packets, it cannot tell whether they were relevant to the requested trace.
If the option -B is used, tcpdump indicates when the drops occur by issuing a BUFFERSFULL error. This can be useful if the drops occur outside the sequence being analyzed.
There are several methods for reducing the number of packet drops:
TCP/IP Services provides a call tracing facility that can be used to help characterize and debug the use of the sockets API for many applications.
To enable tracing, define the TCPIP$SOCKET_TRACE logical name. The logical name accepts the following arguments:
$ DEFINE TCPIP$SOCKET_TRACE 1 |
$ DEFINE TCPIP$SOCKET_TRACE SYS$LOGIN:TCPIP$SOCKET_TRACE.LOG |
$ DEFINE /SYSTEM TCPIP$SOCKET_TRACE SYS$SYSDEVICE:[LOGFILES] |
The following example shows a sample tracing:
23:35:47.48 +socket family: 2, type: 1, proto: 0 23:35:47.48 -socket chan: 0xf0, st: 0x1, iosb: 0x1 0 23:35:47.48 *setsockopt sock: 0xf0, lev: 0xffff, opt: 0x4, val: 1, len: 4 23:35:47.49 *bind44 socket: 0xf0, st: 0x1, iosb: 0x1 0 23:35:47.50 *listen sock: 0xf0, backlog: 5 23:35:47.51 +accept44 chan: 0xf0 23:35:54.04 -accept44 rtchan: 0x100, st: 0x1, iosb: 0x1 0 23:35:54.04 *getpeername44 sock: 0x100 23:35:54.04 +send_64 sock: 0x100, addr: 0x7AEF7A00, len: 28, flags: 0x0 23:35:54.04 -send_64 st: 0x1, iosb: 0x1 28 23:35:54.04 *shutdown sock: 0x100, how: 2 23:35:54.05 *close sock: 0x100, st: 0x1 23:35:54.05 *close sock: 0xf0, st: 0x1 |
In this example, you can see the application opening a socket, setting socket options, binding, listening, accepting, sending data, and so forth.
Lines beginning with a plus sign (+) indicate that the relevent routine is being entered. There is usually a line beginning with a minus sign (-) soon after, when the routine returns. For routines that normally return right away, only one line is displayed, beginning with an asterisk (*).
This facility does not trace QIOs and other system services. |
After verifying that the underlying transport is working, check to see whether the remote host can be reached by its host name. If your name server resides on a remote system, make sure your resolver configuration specifies that system. To determine whether the resolver is pointing to the correct server, enter the following command:
TCPIP> SHOW NAME_SERVICE BIND Resolver Parameters Local domain: lkg.dec.com System State: Started, Enabled Transport: UDP Domain: lkg.dec.com Retry: 4 Timeout: 4 Servers: rufus.lkg.dec.com, peach.lkg.dec.com Path: lkg.dec.com Process State: Enabled Transport: Domain: Retry: Timeout: Servers: Path: |
Make sure the remote servers are reachable (using ping ) and that they are valid name servers.
If your name server resides on the local system, use the SHOW NAME_SERVICE command to make sure your resolver points to localhost .
Next, verify that the TCPIP$BIND process is enabled and running. First, enter the following command to determine whether TCPIP$BIND is enabled:
TCPIP> SHOW SERVICE Service Port Proto Process Address State BIND 53 TCP,UDP TCPIP$BIND 0.0.0.0 Enabled DHCP 67 UDP TCPIP$DHCP 0.0.0.0 Enabled DIOSERVER 1451 TCP CLM 0.0.0.0 Disabled ECHO 7 TCP MULTI 0.0.0.0 Disabled ESNMP 705 UDP ESNMP 0.0.0.0 Disabled FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Enabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled HELLO 12345 TCP HELLO_WORLD 0.0.0.0 Disabled JOHN 520 UDP UCX$ROUTER 0.0.0.0 Disabled LBROKER 6570 UDP TCPIP$LBROKER 0.0.0.0 Disabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MATT 5432 TCP TCPIP$RLOGIN 0.0.0.0 Disabled METRIC 570 UDP TCPIP$METRIC 0.0.0.0 Enabled MOUNT 10 TCP,UDP TCPIP$MOUNTD 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NOTES 3333 TCP NOTESRVR 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled XDM 177 UDP TCPIP$XDM 0.0.0.0 Enabled |
If the BIND process is enabled, it will appear in the display.
Then determine whether the BIND process is running by entering the following command:
$ SHOW SYSTEM /NETWORK OpenVMS V7.1-1H2 on node RUFUS 27-JUN-2000 16:45:46.84 Uptime 16 01:55:35 Pid Process Name State Pri I/O CPU Page flts Pages 2FC0021F TCPIP$NTP LEF 10 2042786 0 00:02:03.43 657 190 N 2FC00221 TCPIP$LBROKER LEF 9 3779921 0 00:06:27.51 652 271 N 2FC05046 TCPIP$POP_1 HIB 10 243688 0 00:00:48.42 955 598 N 2FC00289 TCPIP$PORTM LEF 10 13289 0 00:00:03.23 614 189 N 2FC0628F TCPIP$RE_BG1879 LEF 6 1647 0 00:00:00.96 1709 612 N 2FC0089A NFS$SERVER LEF 10 89284 0 00:00:19.28 978 580 N 2FC06C9E NOTES$00CD_2* HIB 6 208844 0 00:01:22.65 1932 152 N 2FC03EC7 TCPIP$BIND_1 LEF 10 515297 0 00:01:26.06 972 322 N 2FC01CF6 TCPIP$PCNFSD LEF 10 326 0 00:00:00.27 660 228 N $ |
If the TCPIP$BIND_1 process is not running, look for errors in the SYS$SPECIFIC:[TCPIP$BIND]TCPIP$BIND_RUN.LOG file.
To reduce the possibility of a name server being unavailable, you might
configure more than one name server on your network. This way, if the
primary name server is unreachable or unresponsive, the resolver can
query the other name server.
1.2.8 Checking the Route to a Remote Host
If you receive "network unreachable" messages, you may be experiencing a routing problem. You can easily detect whether the problem is with your local routing table by doing the following:
TCPIP> netstat -rn Routing tables Destination Gateway Flags Refs Use Interface Route Tree for Protocol Family 2 default 16.20.0.173 UG 17 1526068 WE0 10.10/16 16.20.208.154 UGS 0 204911 WE0 10.10.39/25 10.10.39.2 U 2 17942 BE0 16.20/16 16.20.208.100 U 45 6219676 WE0 16.20/16 16.20.208.208 U 0 0 WE0 127.0.0.1 127.0.0.1 UH 1 69844 LO0 Route Tree for Protocol Family 26 ::1 Link#1 UH 0 0 LO0 ff01::/16 Link#1 U 0 0 LO0 |
$ TCPIP SHOW ROUTE /PERMANENT /DEFAULT $ TCPIP SHOW ROUTE /DEFAULT |
$ TCPIP SHOW ROUTE /PERMANENT /DEFAULT PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com $ TCPIP SHOW ROUTE /DEFAULT DYNAMIC Type Destination Gateway DN 0.0.0.0 10.10.2.66 $ |
$ TCPIP SET ROUTE /DEFAULT /GATE=n.n.n.n |
* Do you want to configure dynamic ROUTED or GATED routing [NO]: |
The current configuration for the default route is: PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com * Do you want to reconfigure a default route [YES]: Enter the Default Gateway host name []: |
The traceroute command helps you locate problems between the local host and the remote destination by tracing the route of UDP packets from the local host to a remote host. Tracing attempts to determine the name and IP address of each gateway along the route to the remote host.
The traceroute command works by sending UDP packets with small time-to-live (TTL) values and an invalid port number to the remote system. The TTL values increase in increments of one for each group of three UDP packets sent. When a gateway receives a packet, it decrements the TTL. If the TTL is zero, the packet is not forwarded, and an ICMP "time exceeded" message is returned.
Intermediate gateways are detected when they return an ICMP "time exceeded" message. When traceroute receives an "invalid port" message, it knows that it reached the remote destination. ( traceroute operates by intentionally using an invalid port.) When traceroute receives this message, it knows it has reached the destination host and terminates the trace. In this way, traceroute develops a list of gateways starting at one hop away, and increasing one hop at a time until the remote host is reached.
For more information about using
traceroute
, see Appendix A.
1.2.10 Determine Whether Network Services Are Available
The auxiliary server functions like the UNIX internet daemon ( inetd ) by managing access to the network services. The auxiliary server assigns standard port numbers to services such as the BOOTP, SMTP, or FTP servers, and starts the appropriate image after receiving an incoming request.
To verify correct operation of a service, you need to verify that the service:
To display the services database, enter the SHOW SERVICE command. For example:
TCPIP> SHOW SERVICE (1) (2) (3) (4) (5) (6) Service Port Proto Process Address State FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Disabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MOUNT 10 UDP TCPIP$NFS_M 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled |
In this example, the finger service was configured with TCPIP$CONFIG. However, at some point, finger was disabled either by a TCPIP management command or by an incremental shutdown of the service. |
Each service should have the following items defined in the services database:
If these items are not defined correctly, or if the service account privileges and file protections are not assigned correctly, the service will fail to respond to an incoming request. This failure may be logged in the service-specific log file.
To display information about a service, enter the TCPIP command SHOW SERVICE /FULL and specify the service name. For example:
$ TCPIP TCPIP> SHOW SERVICE /FULL TELNET Service: TELNET (1) State: Enabled Port: 23 Protocol: TCP Address: 0.0.0.0 Inactivity: 1 User_name: not defined Process: not defined Limit: 57 Active: 12 Peak: 14 File: not defined Flags: Listen Rtty Socket Opts: Keepalive Rcheck Scheck (2) Receive: 3000 Send: 3000 Log Opts: Actv Dactv Conn Error Logi Logo Mdfy Rjct (3) File: not defined Security (4) Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0 TCPIP> |
To check the privileges associated with a service's process, enter a command for the process, as follows:
$ INSTALL LIST/FULL TCPIP$SMTP_RECEIVER DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$SMTP_RECEIVER;1 Open Hdr Shared Prv Entry access count = 20 Current / Maximum shared = 1 / 1 Global section count = 1 Privileges = SYSPRV Authorized = SYSPRV $ INSTALL LIST/FULL TCPIP$FTP_CHILD DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$FTP_CHILD;1 Open Hdr Shared Prv Entry access count = 42 Current / Maximum shared = 1 / 3 Global section count = 1 Privileges = PSWAPM OPER Authorized = PSWAPM OPER |
Previous | Next | Contents | Index |