How to safely run TCP/IP traces on your network CLIM
Updated: 2 days ago
Warning: Doing TCP/IP traces on your network CLIM could cause it to fail!
Now the good news: You can avoid it.
Sometimes you need to capture the TCP/IP traffic that is passing through a CLIM interface to diagnose session problems and the like. This is relatively easy using the Debian Linux command tcpdump, which you send to the CLIM using the CLIMCMD macro. But there are many options in this command, and a few of them can be problematic if you’re not careful. The behavior of tcpdump is also not intuitive to long-time users of NonStop. It’s documented in the HPE NonStop Cluster I/O Protocols (CIP) Configuration and Management Manual.
First, once you initiate the trace, how do you get it to stop tracing? That’s done by pressing the <break> key on your terminal or your emulator. But sometimes the trace keeps on running even after you think you’ve stopped it. The culprit is the “-prov” switch in the command line, which you mut use if your system has the MULTIPROV option turned on. If you use “-prov” the trace will not stop upon seeing <break>. You need to specify “-provider” in order to get the desired behavior, and that is an undocumented feature.
Second, you usually want the trace to be captured to a disk file, which you do with the “-w” switch. Once captured, you can transfer it to your NonStop system, and then to your PC where you can use wireshark to read it. But you must make a directory to hold your trace file before you can do it. The default filesystem for CLIMCMD commands is the root, or “/” directory. This is a bad place to put your trace files since it is also where the CLIM operating system puts all of its files, including virtual memory. If it fills up it will cause the OS to stop working. So, you should create your trace directory in the /home filesystem which is on a different physical disk inside the CLIM.
Third, you may want to limit the size of the disk file(s) created, and even use them as circular buffers. That depends on what you’re trying to catch but it can be done with the “-C” switch, which specifies the file size in millions of bytes.
Last, you want to make sure you clean up once you’ve finished tracing. This consists of deleting your trace files once you no longer need them, and making sure any tcpdump processes are gone.
Here’s an example sequence:
1. Create the trace directory on the CLIM. DO NOT use the root directory:
CLIMCMD mkdir /home/mytrace
2. Start the trace:
CLIMCMD NCLIM000 -provider ZB03C tcpdump -n -s 1500 -C 5 -w /home/mytrace/trace.pcap host 22.214.171.124
3. Run your program (or whatever you’re trying to capture). Do this from a DIFFERENT TACL than the one where you ran the trace!
4. Stop the trace. From the TACL where you ran the trace, press the <break> key.
5. Make sure the tcpdump process has stopped
Find the pid of the tcpdump: CLIMCMD NCLIM000 pidof tcpdump
If a pid is returned, make sure that pid is really a tcpdump process: CLIMCMD NCLIM000 ls [pid]
If it’s still there, kill it: CLIMCMD NCLIM000 kill [pid] BE VERY CAREFUL!!
6. Move the trace file to NonStop
clsftp NCLIM000 get /home/mytrace/trace.pcap $data.traces.trace1
7. Delete the trace from the CLIM
climcmd NCLIM000 rm /home/mytrace/trace.pcap
8. Copy the pcap file from NonStop to your pc and run WireShark to view the trace.
That’s it! You’re done, and your CLIM is still happily running.
Matt’s career spans the corporate transitions of what is now HPE NonStop. He started at Tandem in 1982 as a system engineer, and saw the company evolve from Tandem to Compaq, and finally to HP/HPE – from where he retired with the title of Master System Architect. Throughout the course of these changes, Matt’s job was focused on pre-and post-sales technical support for software and systems.