Writing a packet trace in Sniffer format to a data set


Use the following procedure to write a packet trace in Network Associates Sniffer format to a data set. The file can then be used as input to Wireshark.

Before you begin

You must preallocate a data set before you begin writing a packet trace to a data set in Sniffer format. This process is not performed within the program. The packet data set attributes must be as follows:

  • Organization: PS
  • Record format: VB
  • Record Length: 1600
  • Block Size: 27998

For more information, see the MainView for IP Customization Guide.

Warning

The USERID for the MainView for IP started task address space is used when the packet trace is written to a data set. The operation fails if that USERID does not have SAT authority to write to the data set. To enable the packet trace write function, grant the PAS the proper access and write authority.

Tip

To specify whether the packet trace wraps to the end of the trace table, use the MVIP Parm Configuration (MVIPCONF) view to set the Pkttrace Wrap parameter. For more information, see the MainView for IP Customization Guide.

To write a packet trace in Sniffer format to a data set

  1. From the EZIP menu, select Packet Tracing from the Diagnostics section, and press Enter.
  2. In the Command field of the packet tracing view (PKTTRACE), type SNIFF, and press Enter.
  3. Type the name of the data set in the File Name field, along with any filters that you want, and press Enter.

    Tip

    Before pressing F3, you can limit the parameters of the packet trace by typing an entry in one or more of the following fields:

    • Start Date
    • Start Time
    • Stop Date
    • Stop Time
    • Protocol
    • IP Address
    • Port Number
    • Data Length
  4. Press F3 or type END to complete the task. A message is displayed that confirms the packet trace is being written to the specified data set.

 
