Showing results for 
Search instead for 
Did you mean: 

debugging a tcp socket connection

Go to solution
Mark Greene_1
Honored Contributor

debugging a tcp socket connection

Is there a debugger or log file that I can use to examine the traffic for a tcp socket connection, or do I have to use a sniffer?

I am trying to get a xyplex terminal server to connect to my L2000 running 11.0. The counters on the port on the xyplex show that the output count and remote connect increase, but the input count remains at zero.

grepping the netstat -a output for the IP address of the termserver show multiple connections in TIME_WAIT and one ESTABLISHED. Repeated runs shows that the ESTABLISHED session eventually dies (timeout?) and the next connection in the list goes from TIME_WAIT to ESTABLISHED and repeats the cycle.

I am wanting to be able to determine if it is the terminal server that is failing the connection, or the application on the HP so I know which vendor to call.

the future will be a lot like now, only later
Daimian Woznick
Trusted Contributor

Re: debugging a tcp socket connection

You may find the following tools useful:

libpcap (required for the utilities listed below)
A system-independent interface for packet capture. It provides a portable framework for low-level network monitoring in the form of a include files and a library that be linked against, as is done with the tcpdump package.

A tool for network monitoring and data acquisition. It is loosely based on SMI's etherfind utility but has been extensively rewritten so that none of the original code remains. It uses the includes and library from the libpcap package, which must be obtained and installed first before installing tcpdump itself.

A program that analyses the networks streams. Nstreams analyses the networks streams occurring on a network and prints them in a human readable form. This is useful when you want to set up a firewall but do not know the needs of your customers. Nstreams can read tcpdump output files or directly listen on a given interface.

A TCP connection log analysis tool. Tcptrace takes a tcpdump file specified on the command line and produces a summary of the connections. It can create output suitable for throughput graphs, rtt sample graphs, time sequence graphs and more. It also has extensive connection filtering options.

Capture transmitted data on TCP flows. Tcpflow captures data transmitted as part of TCP connections, and stores it in a way that is convenient for protocol analysis. It reconstructs the actual data streams and stores each flow in a separate file for later analysis.

All of the above are available from the porting center.
A. Clay Stephenson
Acclaimed Contributor

Re: debugging a tcp socket connection

I don't think you have any choice but to use some sort of traffic analyzer to get much more data than netstat will reveal unless the application has a debug/logging mode that you can enable.

One of the best freely available analyzers is 'ethereal' and it has a very good GUI. You can easilt setup filters to monitor only the packets you are interested in.

Warning: It does have a large number of dependencies so make certain than you swinstall them all.

If it ain't broke, I can fix that.
Honored Contributor

Re: debugging a tcp socket connection

See if you can get anything from nettladm
It's a GUI, so export your display appropriately.
The raw logs may show something.

It works for me (tm)
Mark Greene_1
Honored Contributor

Re: debugging a tcp socket connection

Thanks to all who replied. Tcpdump is what I was having a brainfreeze over, but Bill's suggestion was great too. I will make some time to check out the others, they look good too.

the future will be a lot like now, only later