I have found these scripts invaluable in tracking down the offender:
-- Some TCP connections do not spawn "jobs". Therefore we'll use a different service.
select local_port, remote_address, count(*) as nbrconnections
from gdihq.qsys2.NS_INFO
where local_port = 23
group by local_port, remote_address
having count(*) > 10
;
-- What 5250 session is using a particular IP address?
Select job_name, authorization_name, client_ip_address
from table(active_job_info(
SUBSYSTEM_LIST_FILTER => 'QINTER',
DETAILED_INFO => 'ALL')) x
WHERE 1 IN (select 1 from gdihq.sysibm.sysdummy1)
and client_ip_address in (
select remote_address
from gdihq.qsys2.NS_INFO
where local_port = 23
group by remote_address
having count(*) > 10
)
;
-- What are their names?
select odobnm, odobtx
from table(qsys2.users()) i
where odobnm in(
Select authorization_name
from table(active_job_info(
SUBSYSTEM_LIST_FILTER => 'QINTER',
DETAILED_INFO => 'ALL')) x
WHERE 1 IN (select 1 from gdihq.sysibm.sysdummy1)
and client_ip_address in (
select remote_address
from gdihq.qsys2.NS_INFO
where local_port = 23
group by remote_address
having count(*) > 10
)
group by authorization_name)
;
-- From your DOS command prompt run
-- nslookup xxx.xxx.xxx.xxx
-- where xxx. is the offending IP address.
-- Sometimes the session name is unrelated to the device.
-- For example, ROBS1 on laptop GDL57
;
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
