Use Wireshark To Diagnose IBM i Communications Problems
March 5, 2014 Ted Holt
Troubleshooting communications problems is akin to dealing with teenagers. There’s plenty of room for blame and finger-pointing, and resolving a problem sometimes seems impossible. I don’t have anything to help you with teenagers, but I can recommend a free tool for communications problems. It’s called Wireshark, and here’s how to use it with IBM i communications traces.
First, visit www.wireshark.org to get Wireshark. It is a network protocol analyzer that runs under Microsoft Windows and several operating systems of the Unix flavor. Like the best things in life, Wireshark is free.
Next, install the QSPTLIB library. This is a library of tools that the helpful people at IBM Rochester have developed to help them help us. IBM doesn’t support this software, but they’ll let you use it. The QSPTLIB library is available as a save file PTF.
V5R2M0 - SE06946
V5R3M0 - SE16633
V5R4M0 - SE24152
V6R1M0 - SE32507
V7R1M0 - SE45610
I was not able to order this PTF through normal channels and had to have IBM send it to me. I used a binary FTP transfer to put the save file onto my IBM i system.
Since it’s a save file PTF, not a regular PTF, you’ll need to use the RSTLIB command to restore the library.
RSTLIB SAVLIB(QSPTLIB) DEV(*SAVF) SAVF(QGPL/QSE45610)
Now you’re ready for a communications trace. Run the Trace Connection command (TRCCNN), replacing the little x’s with the IP address of the remote system, to start the communications trace.
TRCCNN SET(*ON) TRCTYPE(*IP) TRCTBL(TRCCNNIP) SIZE(998000) TCPDTA(*N () () *N 'xxx.xxx.xxx.xxx')
Do whatever you do to interact with the remote system. In my case, I was accessing a Web service.
Turn off tracing.
TRCCNN SET(*OFF) TRCTBL(TRCCNNIP) CCSID(*ASCII)
This process gave me a spooled file called QSYSPRT. It’s a plain ol’ vanilla report. Humans can read it, but Wireshark can’t. Wireshark needs a
Run the following commands to access the support tools menu.
ADDLIBLE QSPTLIB
SPT
Take option 12 to display the Communications Trace menu. From there, use option 15 to convert the spooled trace to a CAP file.
CVTTRCCNN SPLF(QSYSPRT * *LAST) OUTF('/some-directory/comm-trace.cap')
At this point, you have a brand new cap file in the IFS. Copy it to the machine on which you’re running Wireshark. I used a binary FTP transfer.
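An ASCII-mode transfer rewrites line-end bytes and silently damages a capture, so it is worth checking the file's structure before loading it into Wireshark. The script below is an added example, not part of the original article or of QSPTLIB. It assumes the converted file is in the classic libpcap layout (24-byte file header followed by 16-byte record headers), and the sample capture it builds is constructed.

```python
import struct

# Classic libpcap magic numbers (microsecond and nanosecond timestamps).
MAGICS = {0xA1B2C3D4, 0xA1B23C4D}

def check_capture(data: bytes) -> int:
    """Return the number of packet records, or raise ValueError if the
    bytes are not a structurally sound classic-pcap capture."""
    if len(data) < 24:
        raise ValueError("shorter than the 24-byte pcap file header")
    for endian in ("<", ">"):          # the writer's byte order is unknown
        magic, = struct.unpack_from(endian + "I", data, 0)
        if magic in MAGICS:
            break
    else:
        raise ValueError("no pcap magic number: wrong format or damaged file")
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"record {count + 1}: truncated record header")
        # Record header: ts_sec, ts_frac, captured length, original length.
        incl_len, orig_len = struct.unpack_from(endian + "II", data, offset + 8)
        if incl_len > orig_len:
            raise ValueError(f"record {count + 1}: captured length exceeds original")
        offset += 16 + incl_len
        if offset > len(data):
            raise ValueError(f"record {count + 1}: packet data runs past end of file")
        count += 1
    return count

def build_sample() -> bytes:
    """Constructed two-packet capture (little-endian, Ethernet link type)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, payload in ((1, b"GET / HTTP/1.1\r\n"), (2, b"line1\nline2\n")):
        out += struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload
    return out

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:     # e.g. comm-trace.cap
        print(check_capture(f.read()), "packet records, structure OK")
```

A file that fails this check after transfer but was produced without error on the IBM i side is a strong hint to repeat the FTP transfer in binary mode.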
If you open the cap file in Wireshark, you’ll see something like this:
How much of a Wireshark guru you want to be is up to you. You can find plenty of information, and even buy a book, at wireshark.org. You may even want to attend the upcoming SHARKFEST ’14 conference, which will be held June 16-20 in San Rafael, California.
In my case, I sent the cap files to IBM Rochester. Patient and sagacious Richard showed me how to find the problem, which I shared with my contact at the Web service, who also knew what Wireshark was and how to use it. Before long, the problem was resolved, and now my application runs all day long and never misses a beat.
I was so excited to have my communications problem resolved, I forgot to ask Richard if he had anything to help with teenagers!
Ted thanks Richard Halleen of IBM for his assistance with a messy communications problem, and for introducing him to Wireshark and QSPTLIB.