(pcap: File has 3130924352-byte packet, bigger than maximum of 262144) I think it's iptrace's problem.
When I try to open it with wireshark/tshark on Mac OS X, it shows: The capture file appears to be damaged or corrupt. domain or in a Cluster Aware AIX (CAA) environment should NOT be done before taking. cap file is captured on AIX v7.1 by iptrace -a -T -b -d .XXX mycap.cap. It is similar to traceroute, only does not require superuser privileges. (Capturing iptrace for a few minutes would not be a bad idea either.) Run iptrace on AIX interface en1 to capture port 80 traffic from a single client IP to a server IP: iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out This trace will capture both directions of the port 80 traffic on interface en1 between the clientip and serverip and send this to the raw file of trace.out.
It uses UDP port port or some random port. It utilizes the IP protocol's time to live (TTL) field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to the host. b] tracepath – It traces path to destination discovering MTU along this path. You can use any one of the following command in bash to trace IP address and other stuff: a] traceroute – It tracks the route packets take across an IP network on their way to a given host.