Packet Tracing with the PTRACE command

UPDATED: August 26, 1999

SUMMARY:

The ptrace command is a powerful and versatile tool used to monitor information about packets passing through or arriving at the PortMaster (TM). Ptrace takes the name of a filter as an argument. Each packet's type and header are compared against that filter to determine whether information about the packet is displayed on the console. If the matching filter rule is 'permit', the information about the packet is displayed.

The 'extended' keyword will show each packet that matches the filter as it enters the PortMaster, and as it leaves the PortMaster, and the interface used for entry and exit.

Displayed packet information:

  • Source address of the packet
  • Destination address of the packet
  • Protocol (TCP, ICMP, UDP, IPX, ESP, AH)
  • Protocol specific information

SYNTAX:

set console
# sets console to current admin session
ptrace [filter name] | extended
# starts packet trace
ptrace
# stops packet trace

NOTES:

  • Always be sure to disable packet tracing before exiting the PortMaster. The ptrace command operates at a lower level than the login prompt, so if tracing is left on, ptrace information will be displayed at the login prompt, before logging in, to any user who gets the console session.
  • If no filter name is provided then packet tracing is disabled.
  • In order to see the ptrace packets you must have your administrative session to the PortMaster set as the console.
  • If you are telnetting to the PortMaster, be sure to filter out your own traffic. Otherwise the trace output sent over your telnet session is itself traced, and you will get more output than you can handle.
  • The ptrace command can be abbreviated as 'pt'
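
EXAMPLE (added here, not part of the original note): a complete trace session run over telnet, with a filter that excludes the administrator's own telnet traffic. The filter name 'trace' and the management host address 192.0.2.10 are assumptions chosen for illustration, and the '#' lines are annotations in the same style as the SYNTAX section, not commands to type.

```text
add filter trace
# creates an empty filter named 'trace' (hypothetical name)
set filter trace 1 deny 192.0.2.10/32 0.0.0.0/0 tcp dst eq 23
# hides telnet packets from the management host (constructed address)
set filter trace 2 deny 0.0.0.0/0 192.0.2.10/32 tcp src eq 23
# hides the telnet replies going back to the management host
set filter trace 3 permit 0.0.0.0/0 0.0.0.0/0
# displays every other IP packet; rules are checked in order, first match wins
show filter trace
# confirms the rule order before tracing
set console
# sets console to current admin session
ptrace trace extended
# starts packet trace, showing entry and exit interfaces
ptrace
# stops packet trace; do this before logging out
reset console
# releases the console from this admin session
delete filter trace
# removes the temporary filter
```

The filter is used here only to select which packets ptrace displays. The two deny rules must come before the permit rule, otherwise the telnet session's own packets match the permit first and are traced.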