현재 상태의 Network Trace를 시작해 보겠습니다.

# nettl  -tf  -e  all    ==> turn off tracing

  # netfmt  -N  -n  -l  -f    /var/adm/nettl.LOG00 > LOG00.trace (in 10.20 & 11.00)

  # netfmt  -N  -n  -l  -f    /var/adm/nettl.LOG000 > LOG000.trace (in 11.11 & up)

     (-l  says turn off inverse video)

     ( -n says don't resolve hostnames: display just IP}

     (if  -t  <Number of records> 를 사용하면 최근부터 원하는 수 만큼의 Record만을 display 할 수 있음)

# netfmt -c filter  -n  -l  -f /var/adm/nettl.LOG00 > LOG00.trace (in 10.20 & 11.00)

# netfmt -c filter  -n  -l  -f /var/adm/nettl.LOG000 > LOG000.trace (in 11.11 & up)

     (-c is for passing filter file)

  * filter file 사용법

  1. To view packets sent to and received from an IP address by the host running the nettl trace

     filter  ip_saddr  192.192.192.192   <--- use the IP address of your machine

     filter  ip_daddr  192.192.192.192   <--- use the IP address of your machine

  2. To view packets sent to and received from an Ethernet address by the host running the nettl trace

     filter  source Mac-Address

     filter  dest Mac-Address

  3. To see NFS packets sent to and from the host doing trace

     filter  udp_sport 2049 /* UDP Port 2049 = nfsd */

     filter  udp_dport 2049 /* UDP Port 2049 = nfsd */

  4. To see only telnet packets packets sent to and from the host doing the trace

     filter  tcp_sport 23 /* TCP Port 23 = telnet */

     filter  tcp_dport 23 /* TCP Port 23 = telnet */

  * Examin the "-tracemax" option.  

This will extend the buffer size for the nettl trace so that it will keep a second buffer file (TRC1) from being created.

  # nettl -tn pduin pduout -e all -tracemax 10000 -f /var/adm/nettl.LOG00 (in 10.20 & 11.00)

  # nettl -tn pduin pduout -e all -tracemax 10000 -f /var/adm/nettl.LOG000 (in 11.11 & up)