Technical data
Troubleshooting Techniques and Tools
1.2 Isolating Problems
In the first example, host helios responds to query ID 3 from host h2opolo with 3
answer records, 3 name server records, and 7 authority records. The first answer
record is type A (address) and its data is Internet address 128.32.137.3. The total
size of the response is 273 bytes, excluding UDP and IP headers. The op (Query)
and response code (NoError) are omitted, as is the class (C_IN) of the A record.
In the second example, host helios responds to query 2 with a response code
of nonexistent domain (NXDomain) with no answers, one name server and no
authority records. The asterisk (*) indicates that the authoritative answer bit is
set. Since there are no answers, no type, class, or data are displayed.
Other flag characters that might appear are the minus sign (-) (recursion
available, RA, not set) and vertical bar (|) (truncated message, TC, set). If
the "question" section does not contain exactly one entry, [nq] is displayed.
Note that name server requests and responses tend to be large, and the default
value of snaplen, 96 bytes, may not capture enough of the packet to print. Use
the -s option to increase the snaplen if you need to seriously investigate name
server traffic.
1.2.5.3.7 Sun RPC Requests and Replies
Sun RPC (RFC 1057) is decoded as described in Table 1–4, as are several of the
protocols that use Sun RPC.
Table 1–4 SUN RPC Requests

Name      Users                 Description
PORTMAP   libc.a, portmap       Maps RPC program numbers to TCP/UDP ports.
MOUNT     mount, mountd         Maps file names to NFS file handles.
NLM       rpc.lockd             NFS remote file locking.
STAT      rpc.statd, rpc.lockd  Remote status monitor.
YP        libc.a, ypserv        Network Information Services.
YPBIND    ypbind, ypset         NIS domain manipulation.
NFS       UNIX                  Network File System.

Requests sent using TCP must start at the beginning of a packet to be decoded.
Normally they are; however, applications that have multiple requests outstanding
(for example, NFS) may not always do this.
Replies can only be decoded if the request was found and only if they start a
packet.
The form of an RPC request and reply is as follows:
src.xid > dst.prot-vn: len call op args
src.xid > dst.prot-vn: len reply op results
For example, NFS mounting a file system generates:
clnt.312dbc68 > svc.pmap-v2: 56 call getport prog "nfs" V3 prot UDP po0
svc.312dbc68 > clnt.pmap-v2: 28 reply getport 2049
clnt.312deff8 > svc.pmap-v2: 56 call getport prog "mount" V3 prot UDP 0
svc.312deff8 > clnt.pmap-v2: 28 reply getport 1034
clnt.312deff8 > svc.mount-v3: 124 call mount "/build"
svc.312deff8 > clnt.mount-v3: 68 reply mount OSF/1 fh 8,3079/1.2
clnt.907312 > svc.nfs-v3: 148 call getattr OSF/1 fh 8,3079/1.2
svc.907312 > clnt.nfs-v3: 112 reply getattr {dir size 1024 mtime ... }
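
When reading a long capture, the call and reply forms above can be paired mechanically to find calls that never got a reply and replies whose call was not captured. The following Python is an added example, not part of the original manual or of tcpdump; the name pair_rpc, the matching key (client, server, xid, protocol, version) and the last sample line are assumptions made for illustration.

```python
import re

# Documented form: src.xid > dst.prot-vn: len call|reply op args
LINE = re.compile(
    r'^(?P<src>\S+)\.(?P<xid>[0-9a-f]+) > '
    r'(?P<dst>\S+)\.(?P<prot>[a-z]+)-v(?P<vers>\d+): '
    r'(?P<len>\d+) (?P<kind>call|reply) (?P<op>\S+) ?(?P<rest>.*)$')

# First five lines are taken from the manual's example (the getattr reply is
# deliberately left out); the last line is constructed to show an orphan reply.
SAMPLE = '''\
clnt.312deff8 > svc.pmap-v2: 56 call getport prog "mount" V3 prot UDP 0
svc.312deff8 > clnt.pmap-v2: 28 reply getport 1034
clnt.312deff8 > svc.mount-v3: 124 call mount "/build"
svc.312deff8 > clnt.mount-v3: 68 reply mount OSF/1 fh 8,3079/1.2
clnt.907312 > svc.nfs-v3: 148 call getattr OSF/1 fh 8,3079/1.2
svc.aa01 > clnt.nfs-v3: 112 reply getattr {dir size 1024}
'''.splitlines()

def pair_rpc(lines):
    """Return (pairs, unanswered_calls, orphan_replies) for tcpdump RPC lines."""
    pending, pairs, orphans = {}, [], []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not an RPC line in the documented form
        r = m.groupdict()
        if r['kind'] == 'call':
            # The xid alone is not unique: the sample reuses 312deff8 for
            # both pmap and mount, so protocol and version join the key.
            key = (r['src'], r['dst'], r['xid'], r['prot'], r['vers'])
            pending[key] = r
        else:
            # In a reply the server is src and the client is dst.
            key = (r['dst'], r['src'], r['xid'], r['prot'], r['vers'])
            call = pending.pop(key, None)
            if call:
                pairs.append((call, r))
            else:
                orphans.append(r)
    return pairs, list(pending.values()), orphans

if __name__ == '__main__':
    pairs, unanswered, orphans = pair_rpc(SAMPLE)
    for call, reply in pairs:
        print('ok      ', call['xid'], call['prot'], call['op'], '->', reply['rest'])
    for call in unanswered:
        print('no reply', call['xid'], call['prot'], call['op'], call['rest'])
    for reply in orphans:
        print('orphan  ', reply['xid'], reply['prot'], reply['op'])
```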