11-Network Management and Monitoring Command Reference

HomeSupportResource CenterSwitchesS12500R SeriesS12500R SeriesTechnical DocumentsReference GuidesCommand ReferencesH3C S12500R Switch Router Series Command References(R3606)-6W10011-Network Management and Monitoring Command Reference
17-TCP connection trace commands
Title Size Download
17-TCP connection trace commands 154.23 KB

TCP connection trace commands

display tcp trace cache-connection

Use display tcp trace cache-connection to display information about all disconnected TCP connections that have been cached.

Syntax

display tcp trace cache-connection { ip | ipv6 } slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

ip: Specifies all disconnected IPv4 TCP connections.

ipv6: Specifies all disconnected IPv6 TCP connections.

slot slot-number: Specifies a card by its slot number.

Examples

# Display information about all disconnected IPv4 connections that have been cached.

<Sysname> display tcp trace cache-connection ip

 R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 Local Addr:port       Foreign Addr:port     VPN name    R   Time

 192.168.1.10:5000     192.168.1.50:10001    vpn1        PN  20:29:08

                                                             July 1 2019

# Display information about all disconnected IPv6 connections that have been cached.

<Sysname> display tcp trace cache-connection ipv6

 R (Reason):

  PN: Peer normal close

  RR: Received reset

  SR: Sent reset

  AN: Application normal close

  AA: Application abnormal close

  KT: Keepalive timeout

  PT: Persist timeout

  RT: Retransmit timeout

  BD: Backup drop

 LAddr->port             FAddr->port             VPN name   R   Time

 1::1->5000              1::2->10001             vpn1       PN  20:29:08

                                                                July 1 2019

Table 1 Command output

Field

Description

R (Reason)

Reason why the TCP connection was disconnected:

·     PN—The peer device was normally shut down.

·     RR—The local device received an RST packet.

·     SR—The local device sent an unsolicited RST packet.

·     AN—The application using the TCP connection was normally closed.

·     AA—The application using the TCP connection was abnormally closed.

·     KT—The keepalive probing timed out.

·     PT—The persist timer expired.

·     RT—The retransmission timed out.

·     BD—Invalid NSR standby MPU.

Local Addr

Local IPv4 address.

LAddr

Local IPv6 address.

port

Port number.

Foreign Addr

Peer IPv4 address.

FAddr

Peer IPv6 address.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network

Time

Time when the TCP connection was disconnected.

 

Related commands

reset tcp trace cache

tcp trace cache-mode

display tcp trace cache-packet ip

Use display tcp trace cache-packet ip to display packet information about a disconnected IPv4 TCP connection that is traced .

Syntax

display tcp trace cache-packet ip source-ip source-ipv4-address source-port source-port-number destination-ip destination-ipv4-address destination-port destination-port-number [ vpn-instance vpn-instance-name ] [ verbose | wireshark ] [ last last-number ] slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source-ip source-ipv4-address: Specifies the source IPv4 address of the TCP connection.

source-port source-port-number: Specifies the source port number of the TCP connection, in the range of 1 to 65535.

destination-ip destination-ipv4-address: Specifies the destination IPv4 address of the TCP connection.

destination-port destination-port-number: Specifies the destination port number of the TCP connection, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the TCP connection belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information on the public network.

verbose: Displays detailed packet information about the TCP connection. If you do not specify this keyword, the command displays brief packet information about the TCP connection.

wireshark: Displays packet information in hexadecimal notation that is readable in Wireshark . You can save the packet information to a .txt file and export the file to the Wireshark software. If you do not specify this keyword, the command displays packet information in Wireshark unreadable format.

last last-number: Displays information about the last traced packets before the TCP connection is terminated. The last-number argument specifies the number of last traced packets, in the range of 1 to the maximum number of data packets that can be traced per TCP connection. The maximum number is determined by the packet-number argument in the tcp trace max-packet-number command. If you do not specify the last traced packet number, this command displays information about all packets in the TCP connection.

slot slot-number: Specifies a card by its slot number.

cpu cpu-number: Specifies a CPU by its number. This option is available only if multiple CPUs are available on the specified slot.

Examples

# Display packet information about a disconnected IPv4 TCP connection in VPN instance vpn1. The source IP address of the connection is 192.168.20.100, source port number is 12345, destination IP address is 192.168.20.128, and destination port number is 4567.

<Sysname> display tcp trace cache-packet ip source-ip 192.168.20.100 source-port 12345 destination-ip 192.168.20.128 destination-port 4567 vpn-instance vpn1

 

 MDC ID: 1, Jul 5 09:37:58:917 2019, VPN name: vpn1

 Connection: 192.168.20.100:12345 -> 192.168.20.128:4567

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss 1/1600/3/1484

 rcvmax/peerackmax/scale/mss 1996097123/2298871774/3/1496

 iss 305244901, irs 2301340424, in 2 (drop 0), out 2, retrans 0

 connection time: Jul 25 20:29:08:317 2019

 

 (1) Jul 25 20:29:18:192 2019 In

 seq 2301340425(1), ack 305244902(1), data 1484, NSR invalid (CLOSED)

 flag ACK, status ESTABLISHED, win: 8162, csum: 0x487e, ID: 65093, ipcsum: 0xd1d

 

 (2) Jul 25 20:29:18:192 2019 In

 seq 2301341909(1485), ack 305244902(1), data 115, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 8162, csum: 0xb7a3, ID: 65094, ipcsum:

 0x1275

# Display detailed packet information about a disconnected IPv4 TCP connection in VPN instance vpn1. The source IP address of the connection is 192.168.20.100, source port number is 12345, destination IP address is 192.168.20.128, and destination port number is 4567.

<Sysname> display tcp trace cache-packet ip source-ip 192.168.20.100 source-port 12345 destination-ip 192.168.20.128 destination-port 4567 vpn-instance vpn1 verbose

 

 MDC ID: 1, Jul 5 09:37:58:917 2019, VPN name: vpn1

 Connection: 192.168.20.100:12345 -> 192.168.20.128:4567

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss 1/1600/3/1484

 rcvmax/peerackmax/scale/mss 1996097123/2298871774/3/1496

 iss 305244901, irs 2301340424, in 2 (drop 0), out 2, retrans 0

 connection time: Jul 25 20:29:08:317 2019

 

 (1) Jul 25 20:29:18:192 2019 In

 seq 2301340425(1), ack 305244902(1), data 1484, NSR invalid (CLOSED)flag ACK,

 status ESTABLISHED, win: 8162, csum: 0x487e, ID: 65093, ipcsum: 0xd1d

 iss/sndcc/unack/next/max/wnd: 305244901/38/1171/1209/1209/65432

 irs/rcvcc/undeliver/next/adv/wnd: 2301340424/0/1095/1095/34399/33304

 socket state: ISCONNECTED

 socket options: SO_REUSEADDR

 inpcb flags: INP_RECVRETOPTS

 inpcb extflag: INP_RCVPWID

 TCP options: TF_DELACK

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 1418899227/845300/56320

 1499899344/1498899727/1488899357

 1518399852

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 300/123/2973724425 436/621/500

 420/650/630 321

# Display packet information in Wireshark readable format about a disconnected IPv4 TCP connection in VPN instance vpn1. The source IP address of the connection is 192.168.20.20, source port number is 22, destination IP address is 192.168.20.99, and destination port number is 54000.

<Sysname> display tcp trace cache-packet ip source-ip 192.168.20.20 source-port 22 destination-ip 192.168.20.99 destination-port 54000 vpn-instance vpn1 wireshark

 

 0000   8c dc d4 36 78 92 58 20 b1 06 a2 5c 08 00 45 10

 0010   00 5c 92 53 40 00 40 06 fe 70 c0 a8 14 14 c0 a8

 0020   14 63 00 16 d2 f0 af 02 21 8a ad a4 2c 4f 50 18

 0030   05 57 ba 58 00 00 2a e2 c8 a9 2e db 4b c5 9b

Table 2 Command output

Field

Description

MDC ID

ID of the MDC. The value is 1 if the TCP connection is in the default MDC.

Jul 5 09:37:58:917 2019

Time when the display tcp trace cache-packet ip command was executed.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network.

Connection

Source IP address, source port number, destination IP address, and destination port number in the TCP connection.

Reason

Reason why the TCP connection was disconnected:

·     received reset—The local device received an RST packet.

·     sent reset—The local device sent an unsolicited RST packet.

·     peer normal close—The peer device was normally shut down.

·     application normal close—The application using the TCP connection was normally closed on the local device.

·     application abnormal close—The application using the TCP connection was abnormally closed on the local device.

·     keepalive timeout—The keepalive probing timed out.

·     persist timeout—The persist timer expired.

·     retransmit timeout—The retransmission timed out.

·     backup drop—Invalid NSR standby MPU.

sndmax/localackmax/scale/mss

Packet sending information:

·     sndmax—Increment of the send sequence number, which is calculated by using the following formula: sequence number in the last sent packet - initial sequence number.

·     localackmax—Increment of the sequence number in the ACK packet for the locally sent packet, which is calculated by using following formula: sequence number in the last received ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in sent packets.

rcvmax/peerackmax/scale/mss

Packed receiving information:

·     rcvmax—Increment of the receive sequence number, which is calculated by using the following formula: sequence number in the last received packet - initial sequence number.

·     peerackmax—Increment of the sequence number in the ACK packet for the packet received on the local device, which is calculated by using the following formula: sequence number in the last sent ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in received packets.

iss

Sequence number in the SYN packet when the TCP connection was established.

irs

Sequence number in the ACK packet when the TCP connection was established.

in x (drop x)

Number of received packets. The value in parentheses (()) indicates the number of dropped packets.

out

Number of packets that have been sent.

retrans

Number of packets that have been retransmitted.

connection time

Time when the connection was established.

(1)

Display number of the packet information.

Jul 6 09:37:58:917 2019

Packet exchange time.

In

Incoming TCP packet.

Out

Outgoing TCP packet.

RS

Retransmitted TCP packet.

seq

Send sequence number. The value in parentheses (()) indicates the relative send sequence number, which is  calculated by using the following formula: send sequence number - initial send sequence number.

ack

Acknowledgment number. The value in parentheses (()) indicates the relative receive sequence number, which is  calculated by using the following formula: receive sequence number - initial receive sequence number.

data

Data length in the TCP packet.

NSR

Validity state of NSR:

·     valid.

·     invalid.

CLOSED

NSR state of the TCP connection:

·     CLOSED—Closed (initial) state.

·     CLOSING—The connection is to be closed.

·     ENABLED—The connection backup is enabled.

·     OPEN—The connection synchronization has started.

·     PENDING—The connection backup is not ready.

·     READY—The connection backup is ready.

·     SMOOTH—The connection data is being smoothed.

flag

TCP flag:

·     FIN—Terminates the connection.

·     SYN—Establishes the connection.

·     RST—Resets the connection.

·     PSH—Notifies the receiver to immediately process the data.

·     ACK—Acknowledges the receipt of data.

·     URG—Notifies the receiver to first process the urgent data.

status

TCP connection state:

·     CLOSED—The server receives a disconnection request's reply from the client.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RCVD—The server receives a connection request.

·     ESTABLISHED—The server and client have established connections and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

win

TCP window size

csum

Checksum in the TCP packet header.

ID

16-bit identification in the IP packet header.

ipcsum

Checksum in the IP packet header.

iss/sndcc/unack/next/max/wnd

Packet sending information:

·     iss—Initial send sequence number.

·     sndcc—Number of bytes in the send buffer.

·     unack—Sequence number in the first data packet that has been sent but not acknowledged minus the initial sequence number.

·     next—Sequence number in the next packet to be sent minus the initial sequence number.

·     max—Send maximum sequence number minus the initial sequence number.

·     wnd—TCP send window size.

irs/rcvcc/undeliver/next/adv/wnd

Packet receiving information:

·     irs—Initial receive sequence number.

·     rcvcc—Number of bytes in the receive buffer.

·     undeliver—Sequence number in the received data packet that has been not been delivered minus the initial receive sequence number.

·     next—Sequence number in the next expected packet.

·     adv—Sequence number in the sliding window advertisement packet minus the initial sequence number.

·     wnd—TCP receive window size.

socket state

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     PROTOREF—Indicates strong protocol reference.

·     N/A—None of above state.

socket options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen connection requests.

·     SO_REUSEADDR—Allows the local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows the local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated.

·     SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs.

·     SO_FILTER—Supports setting the packet filter criterion. This option takesd effect on the incoming packets.

·     SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds.

·     N/A—No options are set.

inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IP options.

·     INP_RECVRETOPTS—Receives replied IP options.

·     INP_RECVDSTADDR—Receives destination IP address.

·     INP_HDRINCL—Provides the entire IP header.

·     INP_REUSEADDR—Reuses the IP address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_RECVIF—Records the input interface of the packet.

·     INP_DONTFRAG—Sets the Don't Fragment flag.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_SNDBYLSPV—Sends through MPLS.

·     INP_USEICMPSRC—Uses the user-defined source IP address of ICMP messages as the source address.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     N/A—None of the above flags.

inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTDONTDROP—Does not drop the received packet.

·     N/A—None of the above flags.

TCP options

TCP options:

·     TF_MD5SIG—Enables MD5 signature.

·     TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP.

·     TF_NOOPT—No TCP options.

·     TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers.

·     TF_BINDFOREIGNADDR—Binds the peer IP address.

·     TF_NSR—Enables TCP NSR.

·     TF_REQ_SCALE—Enables the TCP window scale option.

·     TF_REQ_TSTMP—Enables the timestamp option.

·     TF_SACK_PERMIT—Enables the TCP selective acknowledgement option.

·     TF_ENHANCED_AUTH—Enables the enhanced authentication option.

recv delayack

This value is calculated by using the sequence number of the next expected packet on the MPU minus the initial receive sequence number.

time start/offset/nsroffset /start/lastrcv/tsrecent/tsrecentage

Time values:

·     time start—Time when the TCP connection was established, in jiffies.

·     offset—Timestamp minus the time (in jiffies) when SYN cookie was enabled.

·     nsroffset—NSR backup time for the TCP connection on the active MPU minus the NSR backup time on the standby MPU, in jiffies. This value is recorded on the standby MPU.

·     start—Time in the kernel, in jiffies.

·     lastrcv—Time when most recent TCP packet was received, in jiffies.

·     tsrecent—Timestamp when the last packet was received from the peer device.

·     tsrecentage—Time when the last packet with the timestamp option was received, in jiffies.

rexmt shift/ current/seq rtt/srtt/var/ low/min/best/updatetimes

Retransmission and round-trip time parameters:

·     rexmt shift—Packet retransmission times.

·     current—Retransmission interval.

·     seq—Start sequence number in the first retransmission in the round.

·     rtt—Last recent round-trip time.

·     srtt—Round-trip time after the smoothing.

·     var—Value of the round-trip time variable.

·     low—History minimum round-trip time.

·     min—Allowed minimum round-trip time.

·     best—Predicted best round-trip time.

·     updatetimes—Update times of the round-trip time.

 

Related commands

reset tcp trace cache

tcp trace cache-mode

display tcp trace cache-packet ipv6

Use display tcp trace cache-packet ipv6 to display packet information about a disconnected IPv6 TCP connection that is traced.

Syntax

display tcp trace cache-packet ipv6 source-ip source-ipv6-address source-port source-port-number destination-ip destination-ipv6-address destination-port destination-port-number [ vpn-instance vpn-instance-name ] [ verbose | wireshark ] [ last last-number ] slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

source-ip source-ipv6-address: Specifies the source IPv6 address of the TCP connection.

source-port source-port-number: Specifies the source port number of the TCP connection, in the range of 1 to 65535.

destination-ip destination-ipv6-address: Specifies the destination IPv6 address of the TCP connection.

destination-port destination-port-number: Specifies the destination port number of the TCP connection, in the range of 1 to 65535.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance to which the IPv6 TCP connection belongs. The vpn-instance-name argument represents the VPN instance name, a case-sensitive string of 1 to 31 characters. If you do not specify a VPN instance, this command displays information on the public network.

verbose: Displays detailed packet information about the TCP connection. If you do not specify this keyword, this command displays brief packet information about the TCP connection.

wireshark: Displays packet information in hexadecimal notation that is readable in Wireshark. You can save the packet information to a .txt file and export the file to the Wireshark software. If you do not specify this keyword, the command displays packet information in Wireshark unreadable format.

last last-number: Displays information about the last traced packets before the TCP connection is terminated. The last-number argument specifies the number of last traced packets, in the range of 1 to the maximum number of data packets that can be traced per TCP connection. The maximum number is determined by the packet-number argument in the tcp trace max-packet-number command. If you do not specify the last traced packet number, the command displays information about all packets in the TCP connection.

slot slot-number: Specifies a card by its slot number.

Examples

# Display packet information about a disconnected IPv6 TCP connection in VPN instance vpn1. The source IPv6 address of the connection is 1::1, source port number is 12345, destination IPv6 address is 1::2, and destination port number is 4567.

<Sysname> display tcp trace cache-packet ipv6 source-ip 1::1 source-port 12345 destination-ip 1::2 destination-port 4567 vpn-instance vpn1

 

 MDC ID: 1, Jul 5 09:37:58:917 2019, VPN name: vpn1

 Connection: 1::1->12345 --> 1::2->4567

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss 494/79/8/1440

 rcvmax/peerackmax/scale/mss 1454317501/2840650368/3/1440

 iss 735989032, irs 2190306454, in 17(drop 0), out 28, retrans 0

 connection time: Jul 26 10:55:14:089 2019

 

 (1) Jul 26 10:55:14:129 2019 In

 seq 2190306455(1), ack 735989033(1), data 21, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 258, csum: 0x331d

 

 (2) Jul 26 10:55:14:129 2019 Out

 seq 735989033(1), ack 2190306476(22), data 0, NSR invalid (CLOSED)

 flag ACK, status ESTABLISHED, win: 537, csum: 0x614c

# Display detailed packet information about a disconnected IPv6 TCP connection in VPN instance vpn1. The source IPv6 address of the connection is 1::1, source port number is 12345, destination IPv6 address is 1::2, and destination port number is 4567.

<Sysname> display tcp trace cache-packet ipv6 source-ip 1::1 source-port 12345 destination-ip 1::2 destination-port 4567 vpn-instance vpn1 verbose

 

 MDC ID: 1, Jul 5 09:37:58:917 2019, VPN name: vpn1

 Connection: 1::1->12345 --> 1::2->4567

 Reason: retransmit timeout

 sndmax/localackmax/scale/mss 494/79/8/1440

 rcvmax/peerackmax/scale/mss 1454317501/2840650368/3/1440

 iss 735989032, irs 2190306454, in 17 (drop 0), out 28, retrans 0

 connection time: Jul 26 10:55:14:089 2019

 

 (1) Jul 26 10:55:14:129 2019 In

 seq 2190306455(1), ack 735989033(1), data 21, NSR invalid (CLOSED)

 flag PSH ACK, status ESTABLISHED, win: 258, csum: 0x331d

 iss/sndcc/unack/next/max/wnd: 735989032/0/1/1/1/66048,

 irs/rcvcc/undeliver/next/adv/wnd: 2190306454/0/0/1/4097/4320.

 socket state: ISCONNECTED

 socket options: SO_REUSEADDR

 inpcb flags: INP_RECVRETOPTS

 inpcb extflag: INP_RCVPWID

 TCP options: TF_DELACK

 recv delayack: 0

 time start/offset/nsroffset start/lastrcv/tsrecent tsrecentage

 1418899227/845300/56320

 1499899344/1498899727/1488899357

 1518399852

 rexmt shift/current/seq rtt/srtt/var low/min/best updatetimes

 300/123/2973724425 436/621/500

 420/650/630 321

# Display packet information in Wireshark readable format about a disconnected IPv6 TCP connection in VPN instance vpn1. The source IPv6 address of the connection is 33::10, source port number is 21, destination IPv6 address is 33::1, and destination port number is 1089.

<Sysname> display tcp trace cache-packet ipv6 source-ip 33::10 source-port 21 destination-ip 33::1 destination-port 1089 vpn-instance vpn1 wireshark

 

 0000   8c dc d4 36 78 92 3c 8c 40 04 29 cf 86 dd 60 02

 0010   a0 77 00 20 06 40 00 33 00 00 00 00 00 00 00 00

 0020   00 00 00 00 00 10 00 33 00 00 00 00 00 00 00 00

 0030   00 00 00 00 00 01 04 41 00 15

Table 3 Command output

Field

Description

MDC ID

ID of the MDC. The value is 1 if the TCP connection is in the default MDC.

Jul 5 09:37:58:917 2019

Time when the display tcp trace cache-packet ipv6 command was executed.

VPN name

Name of the VPN instance to which the TCP connection belongs. This field displays N/A if the TCP connection is on the public network.

Connection

Source IPv6 address, source port number, destination IPv6 address, and destination port number in the IPv6 TCP connection.

Reason

Reason why the TCP connection was disconnected:

·     received reset—The local device received an RST packet.

·     sent reset—The local device sent an unsolicited RST packet.

·     peer normal close—The peer device was normally shut down.

·     application normal close—The application using the TCP connection was normally closed on the local device.

·     application abnormal close—The application using the TCP connection was abnormally closed on the local device .

·     keepalive timeout—The keepalive probing timed out.

·     persist timeout—The persist timer expired.

·     retransmit timeout—The retransmission timed out.

·     backup drop—Invalid NSR standby MPU.

sndmax/localackmax/scale/mss

Packet sending information:

·     sndmax—Increment of the send sequence number, which is calculated by using the following formula: sequence number in the last sent packet - initial sequence number.

·     localackmax—Increment of the sequence number in the ACK packet for the locally sent packet, which is calculated by using following formula: sequence number in the last received ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in sent packets.

rcvmax/peerackmax/scale/mss

Packed receiving information:

·     rcvmax—Increment of the receive sequence number, which is calculated by using the following formula:
Sequence number in the last received packet - Initial sequence number.

·     peerackmax—Increment of the sequence number in the ACK packet for the packet received on the local device, which is calculated by using the following formula: sequence number in the last sent ACK packet - sequence number in the initial ACK packet.

·     scale—TCP window size scale factor.

·     mss—Maximum segment size in received packets.

iss

Sequence number in the SYN packet when the IPv6 TCP connection was established.

irs

Sequence number in the ACK packet when the IPv6 TCP connection was established.

in x (drop x)

Number of received IPv6 packets. The value in parentheses (()) indicates the number of dropped IPv6 packets.

out

Number of IPv6 packets that have been sent.

retrans

Number of IPv6 packets that have been retransmitted.

connection time

Time when the TCP connection was established.

(1)

Display number of the packet information.

Jul 6 09:37:58:917 2019

Packet exchange time.

In

Incoming IPv6 TCP packet.

Out

Outgoing IPv6 TCP packet.

RS

Retransmitted IPv6 TCP packet.

seq

Send sequence number. The value in parentheses (()) indicates the relative send sequence number, which is  calculated by using the following formula: send sequence number - initial send sequence number.

ack

Acknowledgment number. The value in parentheses (()) indicates the relative receive sequence number, which is  calculated by using the following formula: receive sequence number - initial receive sequence number.

data

Data length in the IPv6 TCP packet.

NSR

Validity state of NSR:

·     valid.

·     invalid.

CLOSED

NSR state of the TCP connection. Values include:

·     CLOSED—Closed (initial) state.

·     CLOSING—The connection is to be closed.

·     ENABLED—The backup is enabled.

·     OPEN—The connection synchronization has started.

·     PENDING—The connection backup is not ready.

·     READY—The connection backup is ready.

·     SMOOTH—The connection data is being smoothed.

flag

TCP flag:

·     FIN—Terminates the connection.

·     SYN—Establishes the connection.

·     RST—Resets the connection.

·     PSH—Notifies the receiver to immediately process the data instead of buffering it.

·     ACK—Acknowledges the receipt of data.

·     URG—Notifies the receiver to first process the urgent data.

status

TCP connection state:

·     CLOSED—The server receives a disconnection request's reply from the client.

·     LISTEN—The server is waiting for connection requests.

·     SYN_SENT—The client is waiting for the server to reply to the connection request.

·     SYN_RCVD—The server receives a connection request.

·     ESTABLISHED—The server and client have established connections and can transmit data bidirectionally.

·     CLOSE_WAIT—The server receives a disconnection request from the client.

·     FIN_WAIT_1—The client is waiting for the server to reply to a disconnection request.

·     CLOSING—The server and client are waiting for peer's disconnection reply when receiving disconnection requests from each other.

·     LAST_ACK—The server is waiting for the client to reply to a disconnection request.

·     FIN_WAIT_2—The client receives a disconnection reply from the server.

·     TIME_WAIT—The client receives a disconnection request from the server.

win

IPv6 TCP window size

csum

Checksum in the IPv6 TCP extension header

iss/sndcc/unack/next/max/wnd

Packet sending information:

·     iss—Initial send sequence number.

·     sndcc—Number of bytes in the send buffer.

·     unack—Sequence number in the first data packet that has been sent but not acknowledged minus the initial sequence number.

·     next—Sequence number in the next packet to be sent minus the initial sequence number.

·     max—Send maximum sequence number minus the initial sequence number.

·     wnd—TCP send window size.

·     wnd—IPv6 TCP send window size.

irs/rcvcc/undeliver/next/adv/wnd

Packet receiving information:

·     irs—Initial receive sequence number.

·     rcvcc—Number of bytes in the receive buffer.

·     undeliver—Sequence number in the received data packet that has been not been delivered minus the initial receive sequence number.

·     next—Sequence number of the next expected packet.

·     adv—Advertised sequence number of the sliding window minus the initial sequence number.

·     wnd—IPv6 TCP receive window size.

socket state

Socket state:

·     NOFDREF—The user has closed the connection.

·     ISCONNECTED—The connection has been established.

·     ISCONNECTING—The connection is being established.

·     ISDISCONNECTING—The connection is being interrupted.

·     ASYNC—Asynchronous mode.

·     ISDISCONNECTED—The connection has been terminated.

·     PROTOREF—Indicates strong protocol reference.

·     N/A—None of above state.

socket options

Socket options:

·     SO_DEBUG—Records socket debugging information.

·     SO_ACCEPTCONN—Enables the server to listen connection requests.

·     SO_REUSEADDR—Allows the local address reuse.

·     SO_KEEPALIVE—Requires the protocol to test whether the connection is still alive.

·     SO_DONTROUTE—Bypasses the routing table query for outgoing packets because the destination is in a directly connected network.

·     SO_BROADCAST—Supports broadcast packets.

·     SO_LINGER—Closes the socket. The system can still send remaining data in the socket send buffer.

·     SO_OOBINLINE—Stores the out-of-band data in the input queue.

·     SO_REUSEPORT—Allows the local port reuse.

·     SO_TIMESTAMP—Records the timestamps of the incoming packets, accurate to milliseconds. This option is applicable to protocols that are not connection orientated.

·     SO_NOSIGPIPE—Disables the socket from sending data. As a result, a sigpipe cannot be established when a return failure occurs.

·     SO_FILTER—Supports setting the packet filter criterion. This option takes effect on the incoming packets.

·     SO_TIMESTAMPNS—Has a similar function with the timestamp, accurate to nanoseconds.

·     N/A—No options are set.

inpcb flags

Flags in the Internet PCB:

·     INP_RECVOPTS—Receives IPv6 options.

·     INP_RECVRETOPTS—Receives replied IPv6 options.

·     INP_RECVDSTADDR—Receives destination IPv6 address.

·     INP_HDRINCL—Provides the entire IPv6 header.

·     INP_REUSEADDR—Reuses the IPv6 address.

·     INP_REUSEPORT—Reuses the port number.

·     INP_ANONPORT—Port number not specified.

·     INP_PROTOCOL_PACKET—Identifies a protocol packet.

·     IN6P_IPV6_V6ONLY—Only supports IPv6 protocol stack.

·     IN6P_PKTINFO—Receives the source IPv6 address and input interface of the packet.

·     IN6P_HOPLIMIT—Receives the hop limit.

·     IN6P_HOPOPTS—Receives the hop-by-hop options extension header.

·     IN6P_DSTOPTS—Receives the destination options extension header.

·     IN6P_RTHDR—Receives the routing extension header.

·     IN6P_RTHDRDSTOPTS—Receives the destination options extension header preceding the routing extension header.

·     IN6P_TCLASS—Receives the traffic class of the packet.

·     IN6P_AUTOFLOWLABEL—Attaches a flow label automatically.

·     IN6P_RFC2292—Uses the API specified in RFC 2292.

·     IN6P_MTU—Discovers differences in the MTU size of every link along a given data path. TCP does not support this flag.

·     INP_RCVMACADDR—Receives the MAC address of the frame.

·     INP_USEICMPSRC—Uses the user-defined source IP address of ICMP messages as the source address.

·     INP_SYNCPCB—Waits until Internet PCB is synchronized.

·     N/A—None of the above flags.

inpcb extflag

Extension flags in the Internet PCB:

·     INP_EXTRCVPVCIDX—Records the PVC index of the received packet.

·     INP_RCVPWID—Records the PW ID of the received packet.

·     INP_EXTDONTDROP—Does not drop the received packet.

·     INP_EXLISTEN—Listens to the socket.

·     N/A—None of the above flags.

TCP options

TCP options:

·     TF_MD5SIG—Enables MD5 signature.

·     TF_NODELAY—Disables the Nagle algorithm that buffers the sent data inside the TCP.

·     TF_NOOPT—No TCP options.

·     TF_NOPUSH—Forces TCP to delay sending any TCP data until a full sized segment is buffered in the TCP buffers.

·     TF_BINDFOREIGNADDR—Binds the peer IP address.

·     TF_NSR—Enables TCP NSR.

·     TF_REQ_SCALE—Enables the TCP window scale option.

·     TF_REQ_TSTMP—Enables the timestamp option.

·     TF_SACK_PERMIT—Enables the TCP selective acknowledgement option.

·     TF_ENHANCED_AUTH—Enables the enhanced authentication option.

recv delayack

This value is calculated by using the sequence number of the next expected packet on the MPU minus the initial receive sequence number.

time start/offset/nsroffset/start/lastrcv/tsrecent/tsrecentage

Time values:

·     time start—Time when the TCP connection was established, in jiffies.

·     offset—Timestamp minus the time (in jiffies) when SYN cookie was enabled.

·     nsroffset—NSR backup time for the TCP connection on the active MPU minus the NSR backup time on the standby MPU, in jiffies. This value is recorded on the standby MPU.

·     start—Time in the kernel, in jiffies.

·     lastrcv—Time when most recent TCP packet was received, in jiffies.

·     tsrecent—Timestamp when the last packet was received from the peer device.

·     tsrecentage—Time when the last packet with the timestamp option was received, in jiffies.

rexmt shift/current/seq /rtt/srtt/var/low/min/best/updatetimes

Retransmission and round-trip time parameters:

·     rexmt shift—Packet retransmission times.

·     current—Retransmission interval.

·     seq—Start sequence number in the first retransmission in the round.

·     rtt—Last recent round-trip time.

·     srtt—Round-trip time after the smoothing.

·     var—Value of the round-trip time variable.

·     low—History minimum round-trip time.

·     min—Allowed minimum round-trip time.

·     best—Predicted best round-trip time.

·     updatetimes—Update times of the round-trip time.

 

Related commands

reset tcp trace cache

tcp trace cache-mode

display tcp trace information

Use display tcp trace information to display the TCP connection trace configuration and statistics.

Syntax

display tcp trace information slot slot-number

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

slot slot-number: Specifies a card by its slot number.

Usage guidelines

If disconnected TCP connections exist on the device, this command displays disconnected connection statistics for each disconnection reason.

If no disconnected TCP connections exist on the device, this command does not display any disconnection reason fields.

Examples

# Display the TCP connection trace configuration and statistics when disconnected TCP connections exist on the device.

<Sysname> display tcp trace information

 Trace rules: Only-new-connection, IPv4 ACL 2100, IPv6 ACL 2200

 Max packets per connection: 600

 Memory quota: 200 MB

 Persist status: Non-persist

 Cache-mode: All

 State: Enabled

 Tracing connections: 100

 Caching disconnected connections: 30

 Disconnected connections: 50

  Received reset: 10

  Sent reset: 10

  Peer normal close: 0

  Application normal close: 20

  Application abnormal close: 9

  Keepalive timeout: 0

  Persist timeout: 0

  Retransmit timeout: 1

  Backup drop: 0

# Display the TCP connection trace configuration and statistics when no disconnected TCP connections exist on the device.

<Sysname> display tcp trace information

 Trace rules: Only-new-connection, IPv4 ACL 2100, IPv6 ACL 2200

 Max packets per connection: 600

 Memory quota: 200 MB

 Persist status: Non-persist

 Cache-mode: All

 State: Enabled

 Tracing connections: 100

 Caching disconnected connections: 0

 Disconnected connections: 0

Table 4 Command output

Field

Description

Trace rules

TCP connection trace rules:

·     All—Traces all TCP connections.

·     Only-new-connection—Traces only new connections that are established after you enable TCP connection trace.

·     IPv4 ACL—Traces the TCP connections that match the specified IPv4 ACL.

·     IPv6 ACL—Traces the TCP connections that match the specified IPv6 ACL.

Value All is exclusive with other values (Only-new-connection, IPv4 ACL, and IPv6 ACL). Values Only-new-connection, IPv4 ACL, and IPv6 ACL can be displayed at the same time.

Max packets number per connection

Maximum number of data packets that can be traced per TCP connection.

Memory quota

Memory quota for recording TCP packet information, in MB.

Persist status

Whether the TCP connection trace configuration is saved into the database file:

·     Persist—The TCP connection trace configuration is saved into the database file.

·     Non-persist—The TCP connection trace configuration is not saved into the database file.

Cache-mode

Type of disconnected TCP connections that the TCP connection trace feature records:

·     All—Records information about all disconnected TCP connections.

·     Abnormal-close—Records information about only abnormally closed TCP connections.

State

Enabling status of TCP connection trace:

·     Enabled.

·     Disabled.

Caching disconnected connections

Total number of disconnected TCP connections that have been recorded.

Tracing connections

Total number of normal TCP connections that are being traced.

Disconnected connections

Total number of disconnected TCP connections that are being traced.

Received reset

Total number of TCP connections that were disconnected because the device received RST packets.

Sent reset

Total number of TCP connections that were disconnected because the device sent unsolicited RST packets.

Peer normal close

Total number of TCP connections that were disconnected because the peer device has been normally shut down.

Application normal close

Total number of TCP connections that were disconnected because the applications using these connections on the local device have been normally closed.

Application abnormal close

Total number of TCP connections that were disconnected because the applications using these connections on the local device have been abnormally closed.

Keepalive timeout

Total number of TCP connections that were disconnected because the keepalive probing timed out.

Persist timeout

Total number of TCP connections that were disconnected because the persist timer expired.

Retransmit timeout

Total number of TCP connections that were disconnected because the retransmission timed out.

Backup drop

Total number of TCP connections that were disconnected because of the invalid NSR standby MPU.

 

Related commands

tcp trace cache-mode

tcp trace filter

tcp trace max-packet-number

tcp trace memory-quota

tcp trace persist

tcp trace cache-mode

Use tcp trace cache-mode to specify a cache mode for TCP connection trace.

Use undo tcp trace cache-mode to restore the default.

Syntax

tcp trace cache-mode { abnormal-close | all }

undo tcp trace cache-mode

Default

The TCP connection trace feature records information only for the abnormally closed TCP connections.

Views

User view

Predefined user roles

network-admin

Parameters

abnormal-close: Specifies TCP connections that are abnormally closed.

all: Specifies all disconnected connections.

Usage guidelines

The TCP connection trace feature does not record information about normally closed TCP connections by default. To enable recording of those connections, specify the all keyword in this command. You can use the following commands to view related information:

·     display tcp trace cache-connection

·     display tcp trace cache-packet ip

·     display tcp trace cache-packet ipv6

Examples

# Configure the TCP connection trace feature to record information about all disconnected connections.

<Sysname> tcp trace cache-mode all

Related commands

display tcp trace cache-connection

display tcp trace cache-packet ip

display tcp trace cache-packet ipv6

display tcp trace information

tcp trace enable

Use tcp trace enable to enable TCP connection trace.

Use undo tcp trace enable to disable TCP connection trace.

Syntax

tcp trace enable

undo tcp trace enable

Default

TCP connection trace is disabled.

Views

User view

Predefined user roles

network-admin

Usage guidelines

This feature traces TCP connections on the device, records information (including packet information) about existing connections, and saves information about abnormally closed connections. The recorded information helps you locate TCP disconnection reasons.

You can enable TCP connection trace on either a TCP client or TCP server. Because a TCP server has more TCP connections than a TCP client, this feature on a TCP server consumes more memory resources than on the TCP client. If you want to trace specific TCP connections, enable this feature on the TCP client as a best practice.

Examples

# Enable TCP connection trace.

<Sysname> tcp trace enable

Related commands

display tcp trace cache-connection

display tcp trace cache-packet ip

display tcp trace cache-packet ipv6

display tcp trace information

tcp trace filter

Use tcp trace filter to configure TCP connection trace rules.

Use undo tcp trace filter to restore the default.

Syntax

tcp trace filter { acl acl-number | acl6 ipv6-acl-number | only-new-connection } *

undo tcp trace filter

Default

All existing TCP connections are traced.

Views

User view

Predefined user roles

network-admin

Parameters

acl acl-number: Specifies an IPv4 ACL by its number in the range of 2000 to 3999.

acl6 ipv6-acl-number: Specifies an IPv6 ACL by its number in the range of 2000 to 3999.

only-new-connection: Specifies new connections that are established after the TCP connection trace feature is enabled. If you do not specify the keyword, the device traces all existing TCP connections.

Usage guidelines

To trace the TCP connection of an important service, first configure an IPv4 or IPv6 ACL to identify packets of the service, and then specify the ACL in this command.

You can configure TCP connection trace rules only when the TCP connection trace feature is not enabled.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Configure the device to trace TCP connections that match IPv4 ACL 3200.

<Sysname> tcp trace filter acl 3200

Related commands

display tcp trace information

rule (IPv4 advanced ACL view) (ACL and QoS Command Reference)

rule (IPv6 advanced ACL view) (ACL and QoS Command Reference)

tcp trace enable

tcp trace max-packet-number

Use tcp trace max-packet-number to set the maximum number of traced data packets per TCP connection.

Use undo tcp trace max-packet-number to restore the default.

Syntax

tcp trace max-packet-number packet-number

undo tcp trace max-packet-number

Default

The TCP connection trace feature can trace a maximum of 500 data packets per connection.

Views

User view

Predefined user roles

network-admin

Parameters

packet-number: Specifies the maximum number of data packets that can be traced per TCP connection, in the range of 10 to 2000.

Usage guidelines

The device might have lots of TCP connections. If a traced TCP connection has a large number of packets, the device might not have enough memory to trace other TCP connections. To avoid this situation, use this command to set the maximum number of packets that can be traced per connection.

This feature counts the number of incoming and outgoing data packets for each TCP connection. When the number of traced packets in a TCP connection exceeds the upper limit, new records of the connection overwrite its old records.

You can set the maximum number of packets that can be traced per connection only when the TCP connection trace feature is not enabled. To disable TCP connection trace, execute the undo tcp trace enable command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Allow the TCP connection trace feature to trace a maximum of 100 data packets per TCP connection.

<Sysname> tcp trace max-packet-number 100

Related commands

display tcp trace information

tcp trace enable

tcp trace memory-quota

Use tcp trace memory-quota to set a memory quota for recording TCP connection information.

Use undo tcp trace memory-quota to restore the default.

Syntax

tcp trace memory-quota memory-quota

undo tcp trace memory-quota

Default

A 100 MB memory is allocated for recording TCP connection information.

Views

User view

Predefined user roles

network-admin

Parameters

memory-quota: Specifies a memory quota in MB. The value range is 0 to 500. Value 0 indicates that the memory for recording TCP connection information is not limited.

Usage guidelines

After you enable the TCP connection trace feature, the device starts recording information about packets of specified TCP connections, including the packet sequence number and send time. If a large number of TCP connections exist on the device, it will consume a large amount of memory to record packet information, affecting the performance of other features. To avoid this situation, set a reasonable memory quota as a best practice.

When the allocated memory is used up, the device does not record packet information about new TCP connections. For an existing connection, new packet records overwrite its old records.

You can set the memory quota only when the TCP connection trace feature is not enabled. To disable TCP connection trace, execute the undo tcp trace enable command.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the memory quota to 200 MB for recording TCP connection information.

<Sysname> tcp trace memory-quota 200

Related commands

display tcp trace information

tcp trace enable

tcp trace persist

Use tcp trace persist to enable persistence for the TCP connection trace configuration.

Use undo tcp trace persist to disable persistence for the TCP connection trace configuration.

Syntax

tcp trace persist

undo tcp trace persist

Default

Persistence for the TCP connection trace configuration is disabled.

Views

User view

Predefined user roles

network-admin

Usage guidelines

By default, the TCP connection trace configuration cannot survive a device reboot. To enable the existing TCP connection trace configuration to continue taking effect after the reboot, execute both the tcp trace persist and save commands.

·     The tcp trace persist command enables the device to save the TCP connection trace configuration into the database file.

·     The save command enables the device to save the TCP connection trace configuration in the database file into the .mdb binary configuration file.

When the device reboots, the TCP connection trace configuration is automatically restored from the binary file.

Examples

# Enable persistence for TCP connection trace configuration.

<Sysname> tcp trace persist

Related commands

display tcp trace information

save (Fundamentals Command Reference)

reset tcp trace cache

Use reset tcp trace cache to clear the connection and packet information about all disconnected TCP connections.

Syntax

reset tcp trace cache

Views

User view

Predefined user roles

network-admin

Examples

# Clear the connection and packet information about all disconnected TCP connections.

<Sysname> reset tcp trace cache

Related commands

display tcp trace cache-connection

display tcp trace cache-packet ip

display tcp trace cache-packet ipv6

  • Cloud & AI
  • InterConnect
  • Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网