Using Netmaster Smarttrace to record TCP 3-way handshake

Document ID : KB000107167
Last Modified Date : 19/07/2018
Show Technical Document Details
Question:
How can a the Smarttrace filter be defined to just record the three-way TCP handshake packets? It is sometimes needed when trying to capture the handshake from a particular IP on a a busy port lots of connections from many locations with lots of traffic flow, ie FTP or Telnet.
 
Answer:
The closest Netmaster can come is 13 packets per connection, as described below: 

To create the SmartTrace definition, go to /SMART 
Add a new smarttrace definition 
Select New Multiple TCP Connection Trace 

Put in the port (and stack if you want) then PF8 to the last screen. 

Define the Trace Limit and Initial Packets Traced fields as below. 
The rest are whatever best fit your requirements. 
Trace Limit ............... 10   <----------- minimum number you can have 
Stop At Limit? ............ NO  
Trace Expiry .............. 1:00 
Initial Packets Traced .... 3   
<--------------- keeps the 3-way handshake 
Maximum Connections Traced  100 


This results in keeping the 3-way handshake plus 10 packets. As stated in the online doc, 10 is the lowest Trace Limit allowed. 

Attempts at setting the trace limit to 0 cause it to be reset to 250.