Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ nettrfmt(1M) — HP-UX 6.20

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

nettrdump(1M)

nettrstart(1M)

nettrstop(1M)

NETTRFMT(1M)  —  Series 300 and 800 Only

NAME

nettrfmt − format binary trace data

SYNOPSIS

/usr/bin/nettrfmt [ -c configfile ] [ -l ] [ filename ]
(Series 300 and 800) /usr/bin/nettrfmt [ -c configfile ] [ -ln ]
[ -N | [ -1 [ -LT ] ] ] [ filename ]
(Series 800 only)

DESCRIPTION

nettrfmt reads binary trace data from either a file or standard input.  nettrfmt then writes formatted trace data to standard output. 

Parameters

The parameters for nettrfmt are:

-c configfile Specifies a “configuration file” which contains two types of information: names or filters.  Specifications for the configuration file are listed in Option File Format names or filters.  below. The file, $HOME/.nettrc, in the user’s home directory is used as the default configuration file. 

-l Turn off inverse video highlighting of certain traced fields.  Use this flag when sending formatted trace data to a line printer.  Default: Certain fields in the trace file are highlighted in inverse video when you view the formatted trace format at a terminal which supports highlighting. 

-1 (Series 800 Only) Attempts to tersly format each traced packet on a single ("1") line. 

-N (Series 800 Only) Enables "nice" formatting where Ethernet/802.3, IP, ICMP, TCP, UDP, PXP, ARP, and Probe packets are displayed symbolically.  All remaining user data is formatted in hexidecimal and ASCII. 

-n Shows network addresses and ports as numbers ( normally, nettrfmt interprets addresses and attempts to display them symbolically). 

-T (Series 800 Only) Places a time stamp on tersely formatted packets.  Used with the -1 option. 

-L (Series 800 Only) Prepends local link address information to terse tracing output.  Used with the -1 option. 

filename File containing binary link level trace data.  Default: standard input. 

Naming and Filtering

The configuration file allows specification of two types of information.  First, the user may specify an 802.3/Ethernet-address-to-node-name mapping which causes nettrfmt to substitute the specified node name for its address in the output.  Secondly, filters may be specified in order to tailor precisely which packets are to be discarded and which are to be formatted. 
 
A filter is compared against values in input packets. If a packet matches a filter, then the packet is formatted. Otherwise, the packet is discarded. A filter can also be “negative” by specifying “!” before the filter value in the configuration file. If a packet matches a negative filter the packet is discarded. A filter can also be a “wild-card” (matching any value) by specifying an asterisk “*” before the filter value in the configuration file. “Wild card” filters will pass all packets of the specified protocol layer.
 
There are numerous filter types, each associated with a particular protocol layer:

Filter Layer Filter Type Description
Layer 1 dest hardware destination address
source hardware source address
interface software network interface
Layer 2 ssap 802.3 source sap
dsap 802.3 destination sap
type Ethernet type
Layer 3 ip_saddr IP source address
ip_daddr IP destination address
Layer 4 tcp_sport TCP source port
tcp_dport TCP destination port
pxp_sport PXP source port
pxp_dport PXP destination port
udp_sport UDP source port
udp_dport UDP destination port
connection a level 4 (TCP, UDP, PXP) connection

Filtering occurs at each of the four layers. If a packet matches any filter within a layer, it is passed up to the next layer. The packet must pass every layer to pass through the entire filter. Filtering starts with Layer 1 and ends with Layer 4. If no filter is specified for a particular layer, then that layer is “open” and all packets pass through. For a packet to make it through a filter layer which has a filter specified, it must match the filter.

Option File Format

Each line in the option file, configfile, is divided into three fields. The first field describes the type of entry, the second field specifies the “name” of the entry, and the third field gives the “value” for the entry. A line can also consist of a comment preceded by a “#”.
 
The forms the entries in the configfile can take are given below with their corresponding value representation. 

# <comment> Optional

name nodename value
Nodename is a character string.  Value is a hardware address consisting of 6 bytes specified in hexadecimal (without leading “0x”), optionally separated by “-”. 

filter type [ ! ] value | *
Type can be one the following:

      dest          tcp_sport
     source        tcp_dport
     interface     pxp_sport
     ssap          pxp_dport
     dsap          udp_sport
     type          udp_dport
     ip_saddr      connection
     ip_daddr

Value can take the following forms, depending on the type specified above:

dest or source
Hardware address consisting of 6 bytes specified in hexadecimal (without leading “0x”), optionally separated by “-”.

interface
Network interface of the form: lan<n> for LAN interface, or lo<n> for loopback interface, where n is the logical unit number; for example, lan0. 

ssap, dsap or type
A hexadecimal integer of the form: 0xdigits; an octal integer of the form: 0digits; or, a base-ten integer, 0 through 4095. 

ip_saddr or ip_daddr
A hostname or a 4-byte internet address specified in decimal dot notation. (See inet(3N) for more information on internet addresses and decimal dot notations.)

tcp_sport, tcp_dport, udp_sport,
udp_dport, pxp_sport, pxp_dport

A port number as a 2-byte integer value or a service name.  The integer value can be designated by a hexadecimal integer (0xdigits), an octal integer (0digits), or a base-10 integer (0 through 4095). 

connection
Takes the form:
local_addr:port remote_addr:port where local_addr and remote_addr can be a hostname or a 4-byte internet address specified in decimal dot notation. (See inet(3N) for more information on internet addresses and decimal dot notations.) Port can be a service name or an integer.  Integer represents a port and can be designated by a hexadecimal integer (0xdigits), an octal integer (0digits), or base- 10 integers (0 through 4095). 

DIAGNOSTICS

Messages describe illegal use of nettrfmt command and unexpected EOF encountered. 

EXAMPLES

The following examples show the format of entries in the configuration file specified using the -c option. 
 

1.  Hardware address to name mappings:
 
name hpindlm 08-00-09-00-0e-ca
name hpindla 02-60-8c-01-33-58
 

2.  Format only packets from either of the above hardware addresses:
 
filter source 08-00-09-00-0e-ca
filter source 02-60-8c-01-33-58

3.  Filter all packets transmitted from the local node to “hpindlm” which reference local TCP service ports “login” or “shell’, or remote UDP port 777. The local hostname is “local”:
 
filter ip_saddr local
filter ip_daddr hpindlm
filter tcp_sport login
filter tcp_sport shell
filter udp_dport 777

4.  Filter a TCP connection from the local node, “hpindda”, to “hpindlm” which uses “hpindda” service port “ftp” and remote port 1198. 
 
filter connection hpindda:ftp hpindlm:1198

5.  Filter all packets except those that use interface “lan0”:
 
filter interface ! lan0

DEPENDENCIES

Implemented on the Series 300 and 800 only.  The -N, -1, -T, and -T, -L options are supported on the Series 800 only. 

AUTHOR

HP

SEE ALSO

nettrdump(1M), nettrstart(1M), nettrstop(1M). 

Hewlett-Packard Company  —  May 11, 2021

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026