A recent enhancement to the 6.1 communications trace support allows the collected communications trace data to be dumped to a file in the packet capture (PCAP) format. The Dump Communications Trace (DMPCMNTRC) command was introduced in V5R3. This command lets you dump a communications trace to a stream file. Prior to the 6.1 enhancement, you could then print the dumped trace data with the Print Communications Trace command. Why would you want to dump a communications trace to a file rather than print it? There are a couple of reasons:
- If you're using IPv6 and want to format the trace for the IPv6 headers, you must first dump the trace to a file, then print the trace.
- By dumping the communications trace to a file, you can start another trace on the same communications line, yet keep the prior trace data; when it's been dumped, you can print it multiple times with different options if you want.
IBM recently added support to dump the communications trace data into a file in the PCAP format. Dumping the data in the PCAP format is pretty simple -- you need to create a data area named QCMNTRCPCP in QGPL; the existence of the data area controls whether the communications trace data is dumped in the IBM i internal format or the PCAP format. Dumping the communications trace data in PCAP format lets you use other tools, such as Wireshark or tcpdump, to analyze the trace data. These tools offer formatting and analysis options that the IBM i Print Communications Trace (PRTCMNTRC) functionality doesn't support.
You can expect in the next release after 6.1 the DMPCMNTRC command will be enhanced with new command parameters to specify the dump is to a file in the *PCAP format and you will no longer need to create a data area to enable the function.
This function is available with PTF SI33685. The PTF cover letter has the documentation for this enhancement.