1. Log in to the NE on an MML client.
Run the log-query: SccBid,"mmllog" command to query the TEI of the user, where SccBid is the ID of the SCC on your gateway NE.
:log-query:25,"mmllog" (mmllog on the SCC)
mmllog 2008-05-20 19:40:01 User:0x1e090023, Command:lognew, para[0x22:0x73:0x7a:0x68]
mmllog 2008-05-20 20:29:30 User:0x1e090023, Command:lognew, para[0x22:0x73:0x7a:0x68]
mmllog 2008-05-20 22:24:52 User:0x1e090023, Command:lognew, para[0x22:0x73:0x7a:0x68] mmllog
2. Log in to the NE through the QX interface.
The QX logs do not record the user TEI. Therefore, run the following commands to obtain the information on the Navigator.
- Run the sm-get-curuser command to obtain the current online users.
Total records :3
- Run the sm-get-user command to obtain the TEI of the possible illegal user.
UserName Group AccountState CreateDate ExpireDate LoginBeginWeekday LoginEndWeekday LoginBeginTime LoginEndTime PasswordModifiedTime AutoQuitTime AutoQuitRemainTime NoActiveDisableDays LastLoginTime NotifyModifyPassword ExpiredPasswordUsedCount PasswordMaxAge Tei TeiType
l131833 super enable 2009-03-02 2087-12-31 sun sat 00:00:00 23:59:59 2009-03-02 20:38:53 60 60 0 2009-03-02 22:27:32 enable 0 0 0x1f090023 tm
Total records :1
Subtract 0x11 from the most significant byte of the TEI, 0x1f, to obtain the CON-NO. The result is 0x0e (14 in decimal).
The three least significant bytes of the TEI, 0x090023, indicate the ID of the gateway NE through which the user logs in.
3. Run the cm-get-lanconinfo command on the gateway NE (ID 0x090023) to obtain the IP address mapped to the CON-NO.
PEER-IP USER-PORT PEER-PORT CON-NO RECV-FRAMES RECV-BYTES SEND-FRAMES SEND-BYTES CON-TIMES SEND-FAILCOUNT
184.108.40.206 1400 2425 14 102 1896 148 14256 1 0
Total records :1
Note: Because of mutual kicks, the CON-NO of an NE user changes, and the user's TEI changes with it. Repeat the same steps as needed to obtain the correct IP address of the user.
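The TEI-to-IP lookup described in the steps above, as an added Python example that is not part of the original procedure or of any vendor tool. The function names are hypothetical, the sample text is copied from the output shown on this page, and the CON-NO column is assumed to be decimal because 0x0e corresponds to the 14 listed there.

```python
import re

# Sample command output copied from the page; paste your own session output instead.
MMLLOG = """\
mmllog 2008-05-20 19:40:01 User:0x1e090023, Command:lognew, para[0x22:0x73:0x7a:0x68]
mmllog 2008-05-20 20:29:30 User:0x1e090023, Command:lognew, para[0x22:0x73:0x7a:0x68]
"""
LANCONINFO = """\
PEER-IP USER-PORT PEER-PORT CON-NO RECV-FRAMES RECV-BYTES SEND-FRAMES SEND-BYTES CON-TIMES SEND-FAILCOUNT
184.108.40.206 1400 2425 14 102 1896 148 14256 1 0
Total records :1
"""
CON_NO_OFFSET = 0x11  # subtracted from the TEI's most significant byte, per the page


def decode_tei(tei):
    """Split a 4-byte TEI string into (CON-NO, gateway NE ID)."""
    value = int(tei, 16)
    con_no = (value >> 24) - CON_NO_OFFSET
    if not 0 <= value <= 0xFFFFFFFF or con_no < 0:
        raise ValueError(f"not a user TEI: {tei}")
    return con_no, value & 0xFFFFFF


def teis_from_mmllog(text):
    """Distinct TEIs from the User: field of mmllog lines, in first-seen order."""
    return list(dict.fromkeys(re.findall(r"User:(0x[0-9a-fA-F]{8})\b", text)))


def parse_lanconinfo(text):
    """Map CON-NO (assumed decimal, as 0x0e matches 14 on the page) to PEER-IP."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    header = rows[0]
    ip_col, con_col = header.index("PEER-IP"), header.index("CON-NO")
    # Rows such as "Total records :1" have a different width and are skipped.
    return {int(r[con_col]): r[ip_col] for r in rows[1:] if len(r) == len(header)}


def trace_ip(tei, lanconinfo_text, queried_ne_id):
    """Return the peer IP for a TEI, or None if its CON-NO is no longer listed."""
    con_no, ne_id = decode_tei(tei)
    if ne_id != queried_ne_id:
        raise ValueError(f"run cm-get-lanconinfo on gateway NE {ne_id:#08x} instead")
    return parse_lanconinfo(lanconinfo_text).get(con_no)


if __name__ == "__main__":
    for tei in teis_from_mmllog(MMLLOG) + ["0x1f090023"]:
        print(tei, decode_tei(tei), trace_ip(tei, LANCONINFO, 0x090023))
```

A result of None means the decoded CON-NO is absent from the connection table, which is the situation the note describes: query the TEI again and repeat the lookup.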