HPE Community
Operating System - OpenVMS
1821246 Members
2851 Online
109632 Solutions
New Discussion юеВ

Can any one tell me How to use Wireshark in to analyze Decnet Packates?

 
Anjan Ganguly
Frequent Advisor

тАО06-14-2011 03:08 AM

тАО06-14-2011 03:08 AM

Can any one tell me How to use Wireshark in to analyze Decnet Packates?

Actually I have one server connected to switch and the with WAN router.It is communicating with another 5 servers situated in different geographical location.They all are connected via WAN network.I am attaching a short description of my network too.
I want to analyze the incoming and outgoing Decnet packates through Wireshark.Can somebody guide me how to do it?My Servers are
Alpha DS10 server and Open VMS version 7.2-1 installed in it.
0 Kudos
Reply
6 REPLIES 6
JohnDite
Frequent Advisor

тАО06-14-2011 06:29 AM

тАО06-14-2011 06:29 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

Hi Anjan,

basically there are different ways of doing this.

You'll have to check your TCPIP version, but in later versions of TCPIP tcpdump appeared.

On OpenVMS systems you can use tcpdump to record traffic that you can then analyze offline ie. on your PC using wireshark. Unfortunately this only applies to TCP traffic, ie. it would only cover DECnet traffic running over IP. Although, it's been on the wish list for a number of years, tcpdump at a LAN driver level (in OpenVMS) has not been implemented(?) or released yet.

The second method, and this most probably you can only do with help of your network folks, is to configure a mirror port on the a LAN switch to which your OpenVMS server is connected to. You basically then connect your PC to this mirror port and run wireshark in promiscuous mode.

John
0 Kudos
Reply
Hoff
Honored Contributor

тАО06-14-2011 07:04 AM

тАО06-14-2011 07:04 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

Avail yourself of the DECnet-Plus documentation.

Here's a good spot to start:

http://h71000.www7.hp.com/doc/82final/decnetplus/prb_slv.pdf

That'll help you isolate whatever this might be that you're chasing here. DECnet-Plus has tools to track and monitor itself, and that's probably easier than getting Wireshark where you want here.

As for learning more about Wireshark itself and its packet captures, please go visit the Wireshark web site.

www.wireshark.org

I'd tend to expect you'll need a mirrored port on one of those switches with Wireshark, if you're running any significant network load.
Reply
Anjan Ganguly
Frequent Advisor

тАО06-17-2011 12:27 AM

тАО06-17-2011 12:27 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

I was going through through the Decnet problem solving document.I saw that we can use CTF to trace the OSI_transport for incoming and outgoing connect request.
Can you please tell me the commands to do it?

Anjan
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО06-17-2011 01:07 AM

тАО06-17-2011 01:07 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

The current CTF manual is at
http://h71000.www7.hp.com/doc/82final/decnetplus/CTF_USE.pdf

____________________
Purely Personal Opinion
Reply
JohnDite
Frequent Advisor

тАО06-17-2011 04:27 AM

тАО06-17-2011 04:27 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

CTF is a real pain (when compared to using Wireshark) - speaking after years of experience of having to use it. ;-)

Unfortunately the filtering possibilities are pretty restricted with CTF. In most cases you end up using the following command:

Live Trace:
$TRACE START/live "OSITP CR Messages", "OSITP LSP * RSP *"

Trace into a file:
$TRACE START "OSITP CR Messages", "OSITP LSP * RSP *"

That will automatically write OSI Transport PDUS into the CTF$TRACE.DAT trace files (these files are setup as a ring-buffer - which is the positive thing I can say about CTF)

Having stopped the trace with
$TRACE STOP
you can now use the
$TRACE ANALYZE or
$TRACE ANALYZE/FULL
command to decode your trace files.

However your trace file may contain the PDUs of many hundred of OSI Transport connections and there is no simple way to filter these from one another.

As a famous philosopher said "You will be like a blind man in a dark room looking for a black cat ... that isn't even there!"

That's why TRACE (CTF) is a pain!
Please write to HP and ask them to implement tcpdump (as with Tru64) at the LAN level. Miracles may happen.

John

PS. Don't forget to add the Process rights NET$TRACEALL and NET$TRACEALLREMOTE to your account.

PPS. Just for good measure if you're serious about analyzing OSI Transport PDUs you should get a copy of the protocol specification:
(for free)
http://www.itu.int/rec/T-REC-X.224-199511-I/en/
(equivalent to ISO8073)
0 Kudos
Reply
Ian Miller.
Honored Contributor

тАО06-17-2011 06:31 AM

тАО06-17-2011 06:31 AM

Re: Can any one tell me How to use Wireshark in to analyze Decnet Packates?

tcpdump is available for HP TCPIP for OpenVMS

http://h71000.www7.hp.com/doc/732final/6631/6631pro_001.html#tcpdump_sec
____________________
Purely Personal Opinion
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.