PCAP Tools for Linux
PCAP Tools for Linux is a packet capture utility (sniffer) which can be useful to network engineers or snoopers. It is pre-installed on CS1K Rel.6/7.5 linux-base systems, and can be used to view SIP (and UNISTIM) messages, or to diagnose network problems.
Get Wireshark (freeware), if you haven't already, from: http://www.wireshark.org/download.html
Once installed, goto Preferences > Protocols > UNISTIM and set the UNISTIM UDP port to 5000.
This will help you interpret Nortel/Avaya phone messages.
Login to a CS1K Linux base element (the UCM) with either admin or admin2.
pcap config to set options such as ELAN or TLAN (default) monitoring, and the capture file size.
- Monitor the ELAN to debug VGMC/MGC/Signaling Server to Call Server or VGMC/MGC/Signaling Server to EM problems.
- Monitor the TLAN (or the LAN with the IP Phone) to debug TPS to IP Phone problems and voice Gateway-related issues.
Unharden nettools, and start packet capture:
[admin@ss0 ~]$ harden nettools on You are trying to set Hardening policy 'network tools' in less secure state. Do you want to proceed? (Y/N) [Y]? y Network tools are enabled. [admin@ss0 ~]$ pcap start Starting PCAP: PCAP is stopped Configuration file validated [PASSED] PCAP is starting PCAP successfully started [ OK ] Running as user "root" and group "root". This could be dangerous. Capturing on eth1
While running, all network traffic will be stored in a capture file.
When ready, stop the capture, and harden nettools again:
[admin@ss0 ~]$ pcap stop Stopping PCAP: pcap is stopping [ OK ] 58 packets captured PCAP successfully stopped [ OK ] [admin@ss0 ~]$ harden nettools off Network tools are disabled.
Download the capture file from: /var/opt/nortel/dfoTools/pcap (via SFTP), and open it in Wireshark. I use Transmit, a popular Mac OS X FTP/SFTP client, or WinSCP on Windows to do this. Note that capture files cannot be retrieved while PCAP is running.
To display only the telephony traffic, enter unistim in the filter box, and hit apply.