Topics: AIX, Networking, System Admin

Using iptrace

The iptrace command can be very useful to find out what network traffic flows to and from an AIX system.

You can use any combination of these options, but you do not need to use them all:

  • -a   Do NOT print out ARP packets.
  • -s [source IP]   Limit trace to source/client IP address, if known.
  • -d [destination IP]   Limit trace to destination IP, if known.
  • -b   Capture bidirectional network traffic (send and receive packets).
  • -p [port]   Specify the port to be traced.
  • -i [interface]   Only trace for network traffic on a specific interface.

Run iptrace on AIX interface en1 to capture port 80 traffic to file trace.out from a single client IP to a server IP:
# iptrace -a -i en1 -s clientip -b -d serverip -p 80 trace.out
This trace will capture both directions of the port 80 traffic on interface en1 between the clientip and serverip and sends this to the raw file of trace.out.

To stop the trace:
# ps -ef|grep iptrace
# kill 
The ipreport command can be used to transform the trace file generated by iptrace to human readable format:
# ipreport trace.out >

If you found this useful, here's more on the same topic(s) in our blog:

UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?