VoIP Ethernet Capture

From TBwiki
(Difference between revisions)
Jump to: navigation, search
Line 4: Line 4:
  
  
== Capturing using the TMG800's internal host ==
+
== Capturing using the TMG's internal host ==
The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports.
+
The TMG's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports.
  
 
=== Physical Setup ===
 
=== Physical Setup ===
Line 14: Line 14:
 
*Access the telecom baseboard from the [[Tmedia]] using telnet.
 
*Access the telecom baseboard from the [[Tmedia]] using telnet.
 
  telnet 172.31.1.1
 
  telnet 172.31.1.1
 +
*If the traffic to be captured is on a 802.1Q VLAN and the TMG-CONTROL version is >= 2.8, an IP interface with the 'MANAGEMENT' service must be created through the Web Portal. The IP interface must be assigned to a virtual port that is assigned to the capture port and uses the 802.1Q VLAN ID that is targeted by the capture.
  
 
==== TMG800 ====
 
==== TMG800 ====
Line 36: Line 37:
 
*Exit the telecom baseboard's shell (type "exit")
 
*Exit the telecom baseboard's shell (type "exit")
 
*Use the "tcpdump" tool on linux to capture mirrored packets (received on the "mgmt0" interface):
 
*Use the "tcpdump" tool on linux to capture mirrored packets (received on the "mgmt0" interface):
 +
'''Note''': If the captured traffic is on a 802.1Q VLAN, use the "vlanXXXX" interface instead of "mgmt0" or "int0", where "XXXX" is the identifier of the VLAN to capture on (e.g. vlan152).
 
==== TMG800 ====
 
==== TMG800 ====
 
  tcpdump -i mgmt0 -s 1500 -w capture_file.cap
 
  tcpdump -i mgmt0 -s 1500 -w capture_file.cap
'''Note''': The interface name "mgmt0" could be different on older TMG800. Use "ifconfig" command to find which interface has the IP address 172.31.1.2
 
 
==== TMG3200 ====
 
==== TMG3200 ====
 
  tcpdump -i int0 -s 1500 -w capture_file.cap
 
  tcpdump -i int0 -s 1500 -w capture_file.cap

Revision as of 15:23, 4 February 2015

The Tmedia product can configure one of its VoIP Ethernet ports to do Port Mirroring. This is useful when investigating RTP, Codecs or IP Tones issues.



Contents

Capturing using the TMG's internal host

The TMG's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports.

Physical Setup

No specific physical setup is required

Preparing Tmedia for Capture (enable ports mirroring)

  • Access the Tmedia unit using SSH.
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • If the traffic to be captured is on a 802.1Q VLAN and the TMG-CONTROL version is >= 2.8, an IP interface with the 'MANAGEMENT' service must be created through the Web Portal. The IP interface must be assigned to a virtual port that is assigned to the capture port and uses the 802.1Q VLAN ID that is targeted by the capture.

TMG800

Do one of the following command to capture packets according to your setup, to mirror packets toward the linux host CPU, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes):

  • For capturing all Ethernet packets from VOIP0
mv88eMonitor 0x1 0x1 2 600
  • For capturing all Ethernet packets from VOIP1
mv88eMonitor 0x2 0x2 2 600
  • For capturing all Ethernet packets from VOIP0 and VOIP1
mv88eMonitor 0x3 0x3 2 600

TMG3200

Do one of the following command to capture packets according to your setup, to mirror packets toward the linux host CPU, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes):

  • For capturing all Ethernet packets from VOIP0
mv88eMonitor 0x4 0x4 8 600
  • For capturing all Ethernet packets from VOIP1
mv88eMonitor 0x8 0x8 8 600
  • For capturing all Ethernet packets from VOIP0 and VOIP1
mv88eMonitor 0xC 0xC 8 600

Start the Capture

  • Exit the telecom baseboard's shell (type "exit")
  • Use the "tcpdump" tool on linux to capture mirrored packets (received on the "mgmt0" interface):

Note: If the captured traffic is on a 802.1Q VLAN, use the "vlanXXXX" interface instead of "mgmt0" or "int0", where "XXXX" is the identifier of the VLAN to capture on (e.g. vlan152).

TMG800

tcpdump -i mgmt0 -s 1500 -w capture_file.cap

TMG3200

tcpdump -i int0 -s 1500 -w capture_file.cap

Note: The interface name "int0" could be different on older TMG3200. Use "ifconfig" command to find which interface has the IP address 172.31.1.2

Stop the Capture

When you're ready, stop the capture by

  • pressing control-C on the shell that was running tcpdump command
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Stop the capture
mv88eMonitor 0 0 1

Download the Capture

To download the capture, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla.

Capturing from an external host (laptop)

Warning: When configuring a port as a mirror, it is important to connect that Ethernet port directly to a host (like a laptop). Otherwise, it will create problem with to the Ethernet switch

Physical Setup

To do a VoIP capture it is required to:

  • Connect one of the VoIP Ethernet port to a laptop with Wireshark installed and 1Gbs Network card.

Once the physical setup is ready. It is possible to start capturing all packets received and sent from VOIP0 or VOIP1 using the other interface (VOIP1 or VOIP0).

Preparing Tmedia for Capture

  • Access the Tmedia unit using SSH.
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Start Wireshark to capture the Ethernet packets with the connected laptop.
  • Do one of the following command to capture packets according to your setup.

TMG800

For capturing all Ethernet packets that goes through VoIP0 with VoIP1, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)

mv88eMonitor 0x1 0x1 1 600

For capturing all Ethernet packets that goes through VoIP1 with VoIP0, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)

mv88eMonitor 0x2 0x2 0 600


TMG3200

For capturing all Ethernet packets that goes through VoIP0 with VoIP1, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)

mv88eMonitor 0x4 0x4 3 600

For capturing all Ethernet packets that goes through VoIP1 with VoIP0, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)

mv88eMonitor 0x8 0x8 2 600

Stop the Capture

mv88eMonitor 0 0 0

TMG7800

Physical Setup

To do a VoIP capture it is required to:

  • Connect one of the VoIP Ethernet port to a laptop with Wireshark installed and 1Gbs Network card.

Once the physical setup is ready. It is possible to start capturing the RTP.

Preparing Tmedia for Capture

telnet [eth0 IP address of the telecom unit]
  • Start Wireshark to capture the Ethernet packets with the connected laptop.
  • Do one of the following command to capture packets according to your setup.

Start the Capture

For capturing all Ethernet packets that goes through VoIP0 with VoIP1

mv88eMonitor 0x4 0x4 3

For capturing all Ethernet packets that goes through VoIP1 with VoIP0

mv88eMonitor 0x8 0x8 2

Stop the Capture

mv88eMonitor 0 0 3
Personal tools