HP OpenVMS systems documentation

The following restrictions apply to using tcpdump on OpenVMS:

• Copy-all mode is on by default on OpenVMS.
• Promiscuous mode is not available, so tracing must be issued on either the source or destination host.
• Only Ethernet native tracing on is supported on OpenVMS.
• Only one user may trace at a time on OpenVMS using either tcpdump or tcptrace .
• Name server inverse queries are not dumped correctly: The (empty) question section is displayed rather than real query in the answer section.
• A packet trace that crosses a daylight saving time change produces skewed time stamps (the time change is ignored).

When packets are copied by the TCP/IP kernel, it places them into a ring buffer that is emptied by tcpdump . If packets are received fast enough, the ring will fill up and the TCP/IP kernel discards (drops) packets until tcpdump has caught up. Because tcpdump has not seen these dropped packets, it cannot tell whether they were relevant to the requested trace.

If the option -B is used, tcpdump indicates when the drops occur by issuing a BUFFERSFULL error. This can be useful if the drops occur outside the sequence being analyzed.

There are several methods for reducing the number of packet drops:

• Specify a more detailed filter in the tcpdump command.
• Trace to a file instead of SYS$OUTPUT using -w filename . For best results, use a disk with little activity or a RAM disk.
• Increase the number of buffers in the ring using -b buffers . The default for Alpha systems is 400. For VAX systems, the default is 50. The processes working set quota (WSQUOTA) may need to be increased for larger numbers than the default.
• Increase the default process priority of the process that issued the tcpdump command.

TCP/IP Services provides a call tracing facility that can be used to help characterize and debug the use of the sockets API for many applications.

To enable tracing, define the TCPIP$SOCKET_TRACE logical name. The logical name accepts the following arguments:

• 1 or 0
  Specify 1 to enable socket tracing, or 0 to disable socket tracing. When the logical name is set to 1, the output from the trace is displayed interactively. For example:

  $ DEFINE TCPIP$SOCKET_TRACE 1

• Log file name
  Specify the name of the log file for storing the tracing information. For example:

  $ DEFINE TCPIP$SOCKET_TRACE SYS$LOGIN:TCPIP$SOCKET_TRACE.LOG

• Location for process-specific log files
  Specify a directory for storing the log files. Each log file name reflects the name of the process that is being traced. For example:

  $ DEFINE /SYSTEM TCPIP$SOCKET_TRACE SYS$SYSDEVICE:[LOGFILES]

The following example shows a sample tracing:

23:35:47.48 +socket family: 2, type: 1, proto: 0 23:35:47.48 -socket chan: 0xf0, st: 0x1, iosb: 0x1 0 23:35:47.48 *setsockopt sock: 0xf0, lev: 0xffff, opt: 0x4, val: 1, len: 4 23:35:47.49 *bind44 socket: 0xf0, st: 0x1, iosb: 0x1 0 23:35:47.50 *listen sock: 0xf0, backlog: 5 23:35:47.51 +accept44 chan: 0xf0 23:35:54.04 -accept44 rtchan: 0x100, st: 0x1, iosb: 0x1 0 23:35:54.04 *getpeername44 sock: 0x100 23:35:54.04 +send_64 sock: 0x100, addr: 0x7AEF7A00, len: 28, flags: 0x0 23:35:54.04 -send_64 st: 0x1, iosb: 0x1 28 23:35:54.04 *shutdown sock: 0x100, how: 2 23:35:54.05 *close sock: 0x100, st: 0x1 23:35:54.05 *close sock: 0xf0, st: 0x1

In this example, you can see the application opening a socket, setting socket options, binding, listening, accepting, sending data, and so forth.

Lines beginning with a plus sign (+) indicate that the relevent routine is being entered. There is usually a line beginning with a minus sign (-) soon after, when the routine returns. For routines that normally return right away, only one line is displayed, beginning with an asterisk (*).

After verifying that the underlying transport is working, check to see whether the remote host can be reached by its host name. If your name server resides on a remote system, make sure your resolver configuration specifies that system. To determine whether the resolver is pointing to the correct server, enter the following command:

TCPIP> SHOW NAME_SERVICE BIND Resolver Parameters Local domain: lkg.dec.com System State: Started, Enabled Transport: UDP Domain: lkg.dec.com Retry: 4 Timeout: 4 Servers: rufus.lkg.dec.com, peach.lkg.dec.com Path: lkg.dec.com Process State: Enabled Transport: Domain: Retry: Timeout: Servers: Path:

Make sure the remote servers are reachable (using ping ) and that they are valid name servers.

If your name server resides on the local system, use the SHOW NAME_SERVICE command to make sure your resolver points to localhost .

Next, verify that the TCPIP$BIND process is enabled and running. First, enter the following command to determine whether TCPIP$BIND is enabled:

TCPIP> SHOW SERVICE Service Port Proto Process Address State BIND 53 TCP,UDP TCPIP$BIND 0.0.0.0 Enabled DHCP 67 UDP TCPIP$DHCP 0.0.0.0 Enabled DIOSERVER 1451 TCP CLM 0.0.0.0 Disabled ECHO 7 TCP MULTI 0.0.0.0 Disabled ESNMP 705 UDP ESNMP 0.0.0.0 Disabled FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Enabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled HELLO 12345 TCP HELLO_WORLD 0.0.0.0 Disabled JOHN 520 UDP UCX$ROUTER 0.0.0.0 Disabled LBROKER 6570 UDP TCPIP$LBROKER 0.0.0.0 Disabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MATT 5432 TCP TCPIP$RLOGIN 0.0.0.0 Disabled METRIC 570 UDP TCPIP$METRIC 0.0.0.0 Enabled MOUNT 10 TCP,UDP TCPIP$MOUNTD 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NOTES 3333 TCP NOTESRVR 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled XDM 177 UDP TCPIP$XDM 0.0.0.0 Enabled

If the BIND process is enabled, it will appear in the display.

Then determine whether the BIND process is running by entering the following command:

$ SHOW SYSTEM /NETWORK OpenVMS V7.1-1H2 on node RUFUS 27-JUN-2000 16:45:46.84 Uptime 16 01:55:35 Pid Process Name State Pri I/O CPU Page flts Pages 2FC0021F TCPIP$NTP LEF 10 2042786 0 00:02:03.43 657 190 N 2FC00221 TCPIP$LBROKER LEF 9 3779921 0 00:06:27.51 652 271 N 2FC05046 TCPIP$POP_1 HIB 10 243688 0 00:00:48.42 955 598 N 2FC00289 TCPIP$PORTM LEF 10 13289 0 00:00:03.23 614 189 N 2FC0628F TCPIP$RE_BG1879 LEF 6 1647 0 00:00:00.96 1709 612 N 2FC0089A NFS$SERVER LEF 10 89284 0 00:00:19.28 978 580 N 2FC06C9E NOTES$00CD_2* HIB 6 208844 0 00:01:22.65 1932 152 N 2FC03EC7 TCPIP$BIND_1 LEF 10 515297 0 00:01:26.06 972 322 N 2FC01CF6 TCPIP$PCNFSD LEF 10 326 0 00:00:00.27 660 228 N $

If the TCPIP$BIND_1 process is not running, look for errors in the SYS$SPECIFIC:[TCPIP$BIND]TCPIP$BIND_RUN.LOG file.

To reduce the possibility of a name server being unavailable, you might configure more than one name server on your network. This way, if the primary name server is unreachable or unresponsive, the resolver can query the other name server.

1.2.8 Checking the Route to a Remote Host

If you receive "network unreachable" messages, you may be experiencing a routing problem. You can easily detect whether the problem is with your local routing table by doing the following:

• Enter a netstat -rn or SHOW ROUTE command.
  Display the routing table, then compare the output to the routing table of a properly running system. Make sure there is a default route defined and that the IP address listed in the gateway column for the default route and the local host are in the same subnet. The default route specifies the gateway to use when a route is not explicitly defined for the destination IP address.
  For example, enter the following command:

  TCPIP> netstat -rn Routing tables Destination Gateway Flags Refs Use Interface Route Tree for Protocol Family 2 default 16.20.0.173 UG 17 1526068 WE0 10.10/16 16.20.208.154 UGS 0 204911 WE0 10.10.39/25 10.10.39.2 U 2 17942 BE0 16.20/16 16.20.208.100 U 45 6219676 WE0 16.20/16 16.20.208.208 U 0 0 WE0 127.0.0.1 127.0.0.1 UH 1 69844 LO0 Route Tree for Protocol Family 26 ::1 Link#1 UH 0 0 LO0 ff01::/16 Link#1 U 0 0 LO0

• To display a default route using the TCP/IP Services management commands, enter one of the following commands:

  $ TCPIP SHOW ROUTE /PERMANENT /DEFAULT $ TCPIP SHOW ROUTE /DEFAULT

  
  The following example shows typical output from these two commands:

  $ TCPIP SHOW ROUTE /PERMANENT /DEFAULT PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com $ TCPIP SHOW ROUTE /DEFAULT DYNAMIC Type Destination Gateway DN 0.0.0.0 10.10.2.66 $

  
  To set a default route, enter a command similar to the following:

  $ TCPIP SET ROUTE /DEFAULT /GATE=n.n.n.n

  
  You can also set a default route by running the TCPIP$CONFIG procedure and selecting option 1 for Core, and then option 3 for Routing. TCPIP$CONFIG prompts with:

  * Do you want to configure dynamic ROUTED or GATED routing [NO]:

  
  Take the default value by pressing the Enter key. TCPIP$CONFIG then displays the current configuration and asks whether you want to reconfigure a default route:

  The current configuration for the default route is: PERMANENT Type Destination Gateway PN 0.0.0.0 rufus.lkg.dec.com * Do you want to reconfigure a default route [YES]: Enter the Default Gateway host name []:

• Next, use ping to see whether you can reach the routing gateway.

The traceroute command helps you locate problems between the local host and the remote destination by tracing the route of UDP packets from the local host to a remote host. Tracing attempts to determine the name and IP address of each gateway along the route to the remote host.

The traceroute command works by sending UDP packets with small time-to-live (TTL) values and an invalid port number to the remote system. The TTL values increase in increments of one for each group of three UDP packets sent. When a gateway receives a packet, it decrements the TTL. If the TTL is zero, the packet is not forwarded, and an ICMP "time exceeded" message is returned.

Intermediate gateways are detected when they return an ICMP "time exceeded" message. When traceroute receives an "invalid port" message, it knows that it reached the remote destination. ( traceroute operates by intentionally using an invalid port.) When traceroute receives this message, it knows it has reached the destination host and terminates the trace. In this way, traceroute develops a list of gateways starting at one hop away, and increasing one hop at a time until the remote host is reached.

For more information about using traceroute , see Appendix A.

1.2.10 Determine Whether Network Services Are Available

The auxiliary server functions like the UNIX internet daemon ( inetd ) by managing access to the network services. The auxiliary server assigns standard port numbers to services such as the BOOTP, SMTP, or FTP servers, and starts the appropriate image after receiving an incoming request.

To verify correct operation of a service, you need to verify that the service:

• Has an entry in the service database
• Has the correct attributes defined
• Account has the correct privileges
• Is enabled
• Is started

To display the services database, enter the SHOW SERVICE command. For example:

TCPIP> SHOW SERVICE (1) (2) (3) (4) (5) (6) Service Port Proto Process Address State FINGER 79 TCP TCPIP$FINGER 0.0.0.0 Disabled FTP 21 TCP TCPIP$FTP 0.0.0.0 Enabled LPD 515 TCP TCPIP$LPD 0.0.0.0 Enabled MOUNT 10 UDP TCPIP$NFS_M 0.0.0.0 Enabled NFS 2049 UDP TCPIP$NFS 0.0.0.0 Enabled NTP 123 UDP TCPIP$NTP 0.0.0.0 Enabled PCNFS 5151 TCP,UDP TCPIP$PCNFSD 0.0.0.0 Enabled POP 110 TCP TCPIP$POP 0.0.0.0 Enabled PORTMAPPER 111 TCP,UDP TCPIP$PORTM 0.0.0.0 Enabled REXEC 512 TCP TCPIP$REXEC 0.0.0.0 Enabled RLOGIN 513 TCP not defined 0.0.0.0 Enabled RSH 514 TCP TCPIP$RSH 0.0.0.0 Enabled SMTP 25 TCP TCPIP$SMTP 0.0.0.0 Enabled SNMP 161 UDP TCPIP$SNMP 0.0.0.0 Enabled TELNET 23 TCP not defined 0.0.0.0 Enabled TFTP 69 UDP TCPIP$TFTP 0.0.0.0 Enabled

1. This column lists those services with entries in the TCPIP services database. If not listed in this column, the service was never enabled during the configuration procedure (using TCPIP$CONFIG.COM). To enable additional services, run the TCPIP$CONFIG procedure.
2. This column lists the port on which the service listens for connection requests. The port number is either the well-known port number for the service or an ephemeral port number assigned when the socket is assigned a protocol address.
3. This column lists the TCP/IP protocol that the service uses to communicate with the client process.
4. This column lists the process name for the service. If you use the DCL command SHOW SYSTEM /NETWORK, this is the process name you should see if the process is running.
5. This column lists the IP address of the interface on which the service accepts connection requests. IP address 0.0.0.0 indicates that the service will accept connection requests received on any of the local interfaces.
6. This column lists whether the service is enabled or disabled. The term enabled indicates that the next time TCP/IP Services starts, TCP/IP Services starts all services that are marked in the service database as enabled. In this example, of the services listed, all services except finger will start the next time TCP/IP Services restarts.

   Note In this example, the finger service was configured with TCPIP$CONFIG. However, at some point, finger was disabled either by a TCPIP management command or by an incremental shutdown of the service.

Each service should have the following items defined in the services database:

• OpenVMS user account (also in user authorization file [UAF])
• Unique port number
• Protocol
• Name and location of the startup command procedure and log file
• Service parameters (for example, timeouts, privileges)
• Flags

If these items are not defined correctly, or if the service account privileges and file protections are not assigned correctly, the service will fail to respond to an incoming request. This failure may be logged in the service-specific log file.

To display information about a service, enter the TCPIP command SHOW SERVICE /FULL and specify the service name. For example:

$ TCPIP TCPIP> SHOW SERVICE /FULL TELNET Service: TELNET (1) State: Enabled Port: 23 Protocol: TCP Address: 0.0.0.0 Inactivity: 1 User_name: not defined Process: not defined Limit: 57 Active: 12 Peak: 14 File: not defined Flags: Listen Rtty Socket Opts: Keepalive Rcheck Scheck (2) Receive: 3000 Send: 3000 Log Opts: Actv Dactv Conn Error Logi Logo Mdfy Rjct (3) File: not defined Security (4) Reject msg: not defined Accept host: 0.0.0.0 Accept netw: 0.0.0.0 TCPIP>

1. This section displays information about the service: service name, process name, user name, port and interface on which the service is listening, whether the service is enabled or disabled, and the number of copies of the service that can run at one time.
2. This section displays the socket options that the service uses. The service's socket options can be changed dynamically, though it is unlikely that someone would change them. If you suspect that improper socket options are in effect, you can reestablish the default values by disabling the service, running TCPIP$CONFIG, and then enabling the service.
3. This section displays the name of the log file that receives event messages and the events that the service will log. Checking the log file may indicate the cause of a problem.
4. This security section displays a list of hosts and networks that are specifically given or denied access to the service. If one system is unable to access a service, check this section to see whether the system or its associated network is being denied the service.

To check the privileges associated with a service's process, enter a command for the process, as follows:

$ INSTALL LIST/FULL TCPIP$SMTP_RECEIVER DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$SMTP_RECEIVER;1 Open Hdr Shared Prv Entry access count = 20 Current / Maximum shared = 1 / 1 Global section count = 1 Privileges = SYSPRV Authorized = SYSPRV $ INSTALL LIST/FULL TCPIP$FTP_CHILD DISK$VMS721:<SYS0.SYSCOMMON.SYSEXE>.EXE TCPIP$FTP_CHILD;1 Open Hdr Shared Prv Entry access count = 42 Current / Maximum shared = 1 / 3 Global section count = 1 Privileges = PSWAPM OPER Authorized = PSWAPM OPER