Trace output from the command line or the LANtools trace dialog can often be very long, because the trace receives information from the device at a very high frequency. To make the trace output easier to understand, you can apply appropriate filters. The filters use a search function to analyze the trace output and present the desired information only.
In the following example, the administrator activates a simple IP router trace on a device with three Internet connections and sends pings to different destinations. The unfiltered trace output shows all packets processed by the IP router in the device:
```
root@MyDevice:/ > trace # ip-router
IP-Router ON
root@MyDevice:/ >

[IP-Router] 2010/12/20 17:11:06,430
IP-Router Rx (LAN-1, INTRANET3, RtgTag: 3):
DstIP: 4.4.4.1, SrcIP: 192.168.3.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0015, seq: 0x1cde
Route: WAN Tx (INTERNET3)

[IP-Router] 2010/12/20 17:11:06,430
IP-Router Rx (LAN-1, INTRANET1, RtgTag: 1):
DstIP: 11.11.11.1, SrcIP: 192.168.1.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0016, seq: 0x1ccf
Route: WAN Tx (INTERNET1)

[IP-Router] 2010/12/20 17:11:06,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1ccf
Route: LAN-1 Tx (INTRANET1):

[IP-Router] 2010/12/20 17:11:06,430
IP-Router Rx (INTERNET3, RtgTag: 3):
DstIP: 192.168.3.100, SrcIP: 4.4.4.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0015, seq: 0x1cde
Route: LAN-1 Tx (INTRANET3):

[IP-Router] 2010/12/20 17:11:06,600
IP-Router Rx (LAN-1, INTRANET2, RtgTag: 2):
DstIP: 3.3.3.1, SrcIP: 192.168.2.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0014, seq: 0x1cea
Route: WAN Tx (INTERNET2)

[IP-Router] 2010/12/20 17:11:06,600
IP-Router Rx (INTERNET2, RtgTag: 2):
DstIP: 192.168.2.100, SrcIP: 3.3.3.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0014, seq: 0x1cea
Route: LAN-1 Tx (INTRANET2):

[IP-Router] 2010/12/20 17:11:07,430
IP-Router Rx (LAN-1, INTRANET1, RtgTag: 1):
DstIP: 11.11.11.1, SrcIP: 192.168.1.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0016, seq: 0x1cd0
Route: WAN Tx (INTERNET1)

[IP-Router] 2010/12/20 17:11:07,430
IP-Router Rx (LAN-1, INTRANET3, RtgTag: 3):
DstIP: 4.4.4.1, SrcIP: 192.168.3.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0015, seq: 0x1cdf
Route: WAN Tx (INTERNET3)

[IP-Router] 2010/12/20 17:11:07,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1cd0
Route: LAN-1 Tx (INTRANET1):

[IP-Router] 2010/12/20 17:11:07,430
IP-Router Rx (INTERNET3, RtgTag: 3):
DstIP: 192.168.3.100, SrcIP: 4.4.4.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0015, seq: 0x1cdf
Route: LAN-1 Tx (INTRANET3):

[IP-Router] 2010/12/20 17:11:07,600
IP-Router Rx (LAN-1, INTRANET2, RtgTag: 2):
DstIP: 3.3.3.1, SrcIP: 192.168.2.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0014, seq: 0x1ceb
Route: WAN Tx (INTERNET2)

[IP-Router] 2010/12/20 17:11:07,600
IP-Router Rx (INTERNET2, RtgTag: 2):
DstIP: 192.168.2.100, SrcIP: 3.3.3.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0014, seq: 0x1ceb
Route: LAN-1 Tx (INTRANET2):
```
Just 2 seconds of tracing is enough to produce a large amount of data. For a better overview of the output, add a filter to the trace command. A filter starts with the @ symbol, followed by a search criterion. In this example, the filter reduces the output to the entries containing the search criterion "INTERNET1", in order to output only the packets for this remote site.
```
root@MyDevice:/ > trace # ip-router @ INTERNET1
IP-Router ON @ INTERNET1

[IP-Router] 2010/12/20 17:11:50,430
IP-Router Rx (LAN-1, INTRANET1, RtgTag: 1):
DstIP: 11.11.11.1, SrcIP: 192.168.1.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0016, seq: 0x1cfb
Route: WAN Tx (INTERNET1)

[IP-Router] 2010/12/20 17:11:50,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1cfb
Route: LAN-1 Tx (INTRANET1):

[IP-Router] 2010/12/20 17:11:51,430
IP-Router Rx (LAN-1, INTRANET1, RtgTag: 1):
DstIP: 11.11.11.1, SrcIP: 192.168.1.100, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo request, id: 0x0016, seq: 0x1cfc
Route: WAN Tx (INTERNET1)

[IP-Router] 2010/12/20 17:11:51,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1cfc
Route: LAN-1 Tx (INTRANET1):
```
Again, the time frame of the trace is about two seconds, but the amount of data is significantly smaller: only the data relating to the remote site "INTERNET1" is displayed. Further filter criteria can be added simply by placing a space between the first and second criteria. As well as the space, the symbols "+" and "-" can be used as operators. With a "+" the criterion must be met; with a "-" the criterion must not be met; a space means that one or the other of the associated criteria must be met. To use a search string that itself contains an operator character (such as the space in "echo request"), enclose it in quotation marks. The operators in detail:
- Space: A space before a search term is a logical OR operation. The trace output is only displayed if it contains one of the strings marked in this way.
- +: A plus sign before a search term is a logical AND operation. The trace output is only displayed if it contains all of the strings marked in this way.
- -: A minus sign before a search term is a logical NOT operation. The trace output is only displayed if it contains none of the strings marked in this way.
```
root@MyDevice:/ > trace # ip-router @ INTERNET1 -"echo request"
IP-Router ON @ INTERNET1 -"echo request"

[IP-Router] 2010/12/20 17:12:06,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1d0b
Route: LAN-1 Tx (INTRANET1):

[IP-Router] 2010/12/20 17:12:07,430
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0016, seq: 0x1d0c
Route: LAN-1 Tx (INTRANET1):
```
The trace now shows only the entries that contain the remote site 'INTERNET1', but not the string 'echo request'. This displays only the responses to a ping as they return from the remote site.
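The same operator semantics can be applied off-device to a saved trace, for example when reviewing captured output during troubleshooting or an investigation. The following Python sketch is an added example, not LANCOM code; it assumes case-insensitive substring matching per trace entry and that the OR, "+" and "-" groups are combined with AND. All function names are hypothetical and the sample entries are constructed in the style of the output above.

```python
import re

# optional operator (+ or -), then either a "quoted string" or a bare term
TOKEN = re.compile(r'([+-]?)(?:"([^"]*)"|(\S+))')
# every trace entry begins with "[Module] YYYY/MM/DD ..."
ENTRY_START = re.compile(r'^\[[^\]]+\] \d{4}/\d{2}/\d{2} ', re.M)

def parse_filter(expr):
    """Split the text after '@' into OR (''), AND ('+') and NOT ('-') terms."""
    groups = {"": [], "+": [], "-": []}
    for op, quoted, bare in TOKEN.findall(expr):
        groups[op].append((quoted or bare).lower())
    return groups

def matches(entry, groups):
    """Assumed combination: (any OR term) and (all + terms) and (no - term)."""
    text = entry.lower()
    any_ok = not groups[""] or any(t in text for t in groups[""])
    all_ok = all(t in text for t in groups["+"])
    none_ok = not any(t in text for t in groups["-"])
    return any_ok and all_ok and none_ok

def split_entries(trace):
    """Cut a saved trace into multi-line entries at each '[Module] date' header."""
    starts = [m.start() for m in ENTRY_START.finditer(trace)]
    return [trace[a:b].strip() for a, b in zip(starts, starts[1:] + [len(trace)])]

def apply_filter(trace, expr):
    groups = parse_filter(expr)
    return [e for e in split_entries(trace) if matches(e, groups)]

def make_entry(rx, dst, src, kind, seq, route):
    # Constructed sample entry, laid out like the IP router trace above.
    return (f"[IP-Router] 2010/12/20 17:11:06,430\nIP-Router Rx ({rx}):\n"
            f"DstIP: {dst}, SrcIP: {src}, Len: 84, DSCP/TOS: 0x00\n"
            f"Prot.: ICMP (1), {kind}, id: 0x0016, seq: {seq}\nRoute: {route}\n\n")

SAMPLE = "".join([
    make_entry("LAN-1, INTRANET1, RtgTag: 1", "11.11.11.1", "192.168.1.100",
               "echo request", "0x1ccf", "WAN Tx (INTERNET1)"),
    make_entry("INTERNET1, RtgTag: 1", "192.168.1.100", "11.11.11.1",
               "echo reply", "0x1ccf", "LAN-1 Tx (INTRANET1):"),
    make_entry("LAN-1, INTRANET3, RtgTag: 3", "4.4.4.1", "192.168.3.100",
               "echo request", "0x1cde", "WAN Tx (INTERNET3)"),
    make_entry("INTERNET3, RtgTag: 3", "192.168.3.100", "4.4.4.1",
               "echo reply", "0x1cde", "LAN-1 Tx (INTRANET3):"),
])
```

Calling `apply_filter(SAMPLE, 'INTERNET1 -"echo request"')` returns only the echo reply entry for INTERNET1, which corresponds to the filtered output shown above.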
You can use multiple traces simultaneously and filter by different criteria. In the following example, an Ethernet trace is run in addition to the IP router trace to see the packet associated with the ping on the Ethernet:
```
root@MyDevice:/ > trace # ip-router @ INTERNET1 +"echo reply"
IP-Router ON @ INTERNET1 +"echo reply"
root@MyDevice:/ > trace # eth @ ICMP +"echo reply"
Ethernet ON @ icmp +"echo reply"

[IP-Router] 2010/12/21 14:17:21,000
IP-Router Rx (INTERNET1, RtgTag: 1):
DstIP: 192.168.1.100, SrcIP: 11.11.11.1, Len: 84, DSCP/TOS: 0x00
Prot.: ICMP (1), echo reply, id: 0x0002, seq: 0x2654
Route: LAN-1 Tx (INTRANET1):

[Ethernet] 2010/12/21 14:17:21,000
Sent 98 byte Ethernet packet via LAN-1:
HW Switch Port : ETH-1
-->IEEE 802.3 Header
Dest : 00:a0:57:12:a9:21 (LANCOM 12:a9:21)
Source : 00:a0:57:12:f7:81 (LANCOM 12:f7:81)
Type : IPv4
-->IPv4 Header
Version : 4
Header Length : 20
Type of service : (0x00) Precedence 0
Total length : 84
ID : 18080
Fragment : Offset 0
TTL : 59
Protocol : ICMP
Checksum : 24817 (OK)
Src Address : 11.11.11.1
Dest Address : 192.168.1.100
-->ICMP Header
Msg : echo reply
Checksum : 18796 (OK)
Body : 00 00 00 02 00 00 26 54 ......
       7e c9 6d 8c 00 00 00 00 ~.m.....
       00 01 02 03 04 05 06 07 ........
       08 09 0a 0b 0c 0d 0e 0f ........
       10 11 12 13 14 15 16 17 ........
       18 19 1a 1b 1c 1d 1e 1f ........
       20 21 22 23 24 25 26 27 !"#$%
```