VoIP Ethernet Capture

From TBwiki
(Difference between revisions)
Jump to: navigation, search
(Procedure)
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
 
The [[Tmedia]] product can configure one of its VoIP Ethernet ports to do [http://en.wikipedia.org/wiki/Port_mirroring Port Mirroring]. This is useful when investigating RTP, Codecs or IP Tones issues.
 
The [[Tmedia]] product can configure one of its VoIP Ethernet ports to do [http://en.wikipedia.org/wiki/Port_mirroring Port Mirroring]. This is useful when investigating RTP, Codecs or IP Tones issues.
  
 
+
=== Preparing the Tmedia for capture (enable ports mirroring) ===
 
+
*If the traffic to be captured is on a 802.1Q VLAN and the [[Tctrl]] version is >= 2.8, an IP interface with the 'MANAGEMENT' service must be created through the Web Portal. The IP interface must be assigned to a virtual port that is assigned to the capture port and uses the 802.1Q VLAN ID that is targeted by the capture.
 
+
== Capturing using the TMG800's internal host ==
+
The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports.
+
 
+
=== Physical Setup ===
+
No specific physical setup is required
+
 
+
=== Preparing Tmedia for Capture (enable ports mirroring) ===
+
 
*Access the [[Tmedia]] unit using SSH.
 
*Access the [[Tmedia]] unit using SSH.
 
*Access the telecom baseboard from the [[Tmedia]] using telnet.
 
*Access the telecom baseboard from the [[Tmedia]] using telnet.
 
  telnet 172.31.1.1
 
  telnet 172.31.1.1
 +
*Type in the mv88eMonitor command to get the list of ports on the unit:
 +
mv88eMonitor
 +
*A list (such as the one below) should appear:
 +
Port Mapping:
 +
PortDesc  :  eth0  eth1  voip0  voip1 mspeedsw1 mspeedsw2  fpga0  fpga1  host    cpu
 +
PortNumber :      0      1      2      3        4        5      6      7      8      9
 +
PortMask  :    0x1    0x2    0x4    0x8      0x10      0x20  0x40  0x80  0x100  0x200
 +
*The 'PortNumber' is the '''destination''' port for the capture.
 +
**If the traffic is to be captured on the '''internal host''' of the TMG unit, use the number below the '''host''' port (in the above example, 8).
 +
**If the traffic is to be captured on an '''external host''' (laptop, PC, or specialized equipment), choose the number below the desired target port (for example, 0 for eth0).
 +
*The 'PortMask' is the '''source''' mask for the capture. On the above example, traffic going through the voip0 port would be captured using the 0x4 mask.
 +
*Use the mv88eMonitor command in order to mirror traffic as desired. Here is the syntax:
 +
mv88eMonitor <IngressPortMask> <EgressPortMask> <PortNumber> <TimeoutInSeconds>
 +
**The 'IngressPortMask' is the mask used for capturing traffic that is sent to the TMG.
 +
**The 'EgressPortMask' is the mask used for capturing traffic that is sent from the TMG.
 +
**The 'PortNumber' is where the captured traffic should be mirrored to.
 +
**The 'TimeoutInSeconds' is the time the mirror operation is active before being automatically stopped.
 +
*Here is an example to mirror all the voip0 traffic to a TMG3200's internal host, for 60 seconds:
 +
mv88eMonitor 0x4 0x4 8 60
 +
*Here is an example to mirror the incoming voip0 traffic on a TMG3200 to an external host connected to the eth1 port:
 +
mv88eMonitor 0x4 0 1 60
  
==== TMG800 ====
+
=== Start the capture ===
Do one of the following command to capture packets according to your setup, to mirror packets toward the linux host CPU, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes):
+
*For capturing all Ethernet packets from VOIP0
+
mv88eMonitor 0x1 0x1 2 600
+
*For capturing all Ethernet packets from VOIP1
+
mv88eMonitor 0x2 0x2 2 600
+
*For capturing all Ethernet packets from VOIP0 and VOIP1
+
mv88eMonitor 0x3 0x3 2 600
+
 
+
==== TMG3200 ====
+
Do one of the following command to capture packets according to your setup, to mirror packets toward the linux host CPU, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes):
+
*For capturing all Ethernet packets from VOIP0
+
mv88eMonitor 0x4 0x4 8 600
+
*For capturing all Ethernet packets from VOIP1
+
mv88eMonitor 0x8 0x8 8 600
+
*For capturing all Ethernet packets from VOIP0 and VOIP1
+
mv88eMonitor 0xC 0xC 8 600
+
 
+
=== Start the Capture ===
+
 
*Exit the telecom baseboard's shell (type "exit")
 
*Exit the telecom baseboard's shell (type "exit")
*Use the "tcpdump" tool on linux to capture mirrored packets (received on the "mgmt0" interface):
+
*If the capture is to be done on an external host, use a tool such as 'Wireshark' to capture and analyze the mirrored traffic.
==== TMG800 ====
+
**When configuring a port as a mirror, it is important to connect that Ethernet port directly to a host (like a laptop). Otherwise, it could cause issues such as an Ethernet loop.
 +
**If capturing 802.1Q tagged traffic, make sure the receiving equipment is actually configured to process 802.1Q tagged traffic.
 +
*If the capture is to be done on the TMG's internal host:
 +
**Use the '''[[Get Product Type|tbinfo]]''' command to find out which product is currently used.
 +
**Use the following table to know on which Linux interface to capture the traffic:
 +
{| class="wikitable"
 +
|-
 +
! TMG800 !! TMG3200 !! 802.1Q capture
 +
|-
 +
| '''mgmt0''' || '''int0''' || '''vlanXXXX''', where XXXX is the VLAN ID (e.g. vlan333)
 +
|}
 +
*Use the "tcpdump" tool to capture mirrored packets:
 
  tcpdump -i mgmt0 -s 1500 -w capture_file.cap
 
  tcpdump -i mgmt0 -s 1500 -w capture_file.cap
'''Note''': The interface name "mgmt0" could be different on older TMG800. Use "ifconfig" command to find which interface has the IP address 172.31.1.2
+
*To capture 802.1Q tagged traffic, use the correct VLAN interface:
==== TMG3200 ====
+
  tcpdump -i vlan333 -s 1500 -w capture_file.cap
  tcpdump -i int0 -s 1500 -w capture_file.cap
+
'''Note''': The interface name "int0" could be different on older TMG3200. Use "ifconfig" command to find which interface has the IP address 172.31.1.2
+
  
 
=== Stop the Capture ===
 
=== Stop the Capture ===
Line 49: Line 53:
 
  telnet 172.31.1.1
 
  telnet 172.31.1.1
 
*Stop the capture
 
*Stop the capture
  mv88eMonitor 0 0 1
+
  mv88eMonitor 0 0 0
  
 
=== Download the Capture ===
 
=== Download the Capture ===
 
To download the capture, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla.
 
To download the capture, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla.
  
== Capturing from an external host (laptop) ==
 
'''Warning''': When configuring a port as a mirror, it is important to connect that Ethernet port directly to a host (like a laptop). Otherwise, it will create problem with to the Ethernet switch
 
  
=== Physical Setup ===
+
== Procedure ==
To do a VoIP capture it is required to:
+
*Connect one of the VoIP Ethernet port to a laptop with [http://www.wireshark.org/ Wireshark] installed and 1Gbs Network card.
+
  
Once the physical setup is ready. It is possible to start capturing all packets received and sent from VOIP0 or VOIP1 using the other interface (VOIP1 or VOIP0).
+
*[[Toolpack:Troubleshooting_D#VoIP_Ethernet_Capture|VoIP Ethernet Capture for v3.0]]
 
+
*[[Toolpack:Troubleshooting_C#VoIP_Ethernet_Capture|VoIP Ethernet Capture for v2.10]]
=== Preparing Tmedia for Capture ===
+
*[[Toolpack:Troubleshooting_B#VoIP_Ethernet_Capture|VoIP Ethernet Capture for v2.9]]
*Access the [[Tmedia]] unit using SSH.
+
*[[Toolpack:Troubleshooting_A#VoIP_Ethernet_Capture|VoIP Ethernet Capture for v2.8]]
*Access the telecom baseboard from the [[Tmedia]] using telnet.
+
*[[Web_Portal_Tutorial_Guide_v2.7#VoIP_Ethernet_Capture|VoIP Ethernet Capture for v2.7]]
telnet 172.31.1.1
+
*Start Wireshark to capture the Ethernet packets with the connected laptop.
+
*Do one of the following command to capture packets according to your setup.
+
 
+
==== TMG800 ====
+
For capturing all Ethernet packets that goes through VoIP0 with VoIP1, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)
+
mv88eMonitor 0x1 0x1 1 600
+
 
+
For capturing all Ethernet packets that goes through VoIP1 with VoIP0, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)
+
mv88eMonitor 0x2 0x2 0 600
+
 
+
 
+
==== TMG3200 ====
+
For capturing all Ethernet packets that goes through VoIP0 with VoIP1, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)
+
mv88eMonitor 0x4 0x4 3 600
+
 
+
For capturing all Ethernet packets that goes through VoIP1 with VoIP0, for a configurable duration (in the following example the duration is 600 seconds, thus 10 minutes)
+
mv88eMonitor 0x8 0x8 2 600
+
 
+
=== Stop the Capture ===
+
mv88eMonitor 0 0 0
+
 
+
== TMG7800 ==
+
=== Physical Setup ===
+
To do a VoIP capture it is required to:
+
*Connect one of the VoIP Ethernet port to a laptop with [http://www.wireshark.org/ Wireshark] installed and 1Gbs Network card.
+
 
+
Once the physical setup is ready. It is possible to start capturing the RTP.
+
 
+
=== Preparing Tmedia for Capture ===
+
*Access the telecom unit ([[TMG7800|TMG7800-TE]], [[TMG7800|TMG7800-DS3]] or [[TMG7800|TMG7800-STM1]]) you want to capture using telnet.
+
telnet [eth0 IP address of the telecom unit]
+
*Start Wireshark to capture the Ethernet packets with the connected laptop.
+
*Do one of the following command to capture packets according to your setup.
+
 
+
=== Start the Capture ===
+
For capturing all Ethernet packets that goes through VoIP0 with VoIP1
+
mv88eMonitor 0x4 0x4 3
+
 
+
For capturing all Ethernet packets that goes through VoIP1 with VoIP0
+
mv88eMonitor 0x8 0x8 2
+
 
+
=== Stop the Capture ===
+
mv88eMonitor 0 0 3
+

Latest revision as of 14:43, 9 January 2019

The Tmedia product can configure one of its VoIP Ethernet ports to do Port Mirroring. This is useful when investigating RTP, Codecs or IP Tones issues.

Contents

Preparing the Tmedia for capture (enable ports mirroring)

  • If the traffic to be captured is on a 802.1Q VLAN and the Tctrl version is >= 2.8, an IP interface with the 'MANAGEMENT' service must be created through the Web Portal. The IP interface must be assigned to a virtual port that is assigned to the capture port and uses the 802.1Q VLAN ID that is targeted by the capture.
  • Access the Tmedia unit using SSH.
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Type in the mv88eMonitor command to get the list of ports on the unit:
mv88eMonitor
  • A list (such as the one below) should appear:
Port Mapping:
PortDesc   :   eth0   eth1  voip0  voip1 mspeedsw1 mspeedsw2  fpga0  fpga1   host    cpu
PortNumber :      0      1      2      3         4         5      6      7      8      9
PortMask   :    0x1    0x2    0x4    0x8      0x10      0x20   0x40   0x80  0x100  0x200
  • The 'PortNumber' is the destination port for the capture.
    • If the traffic is to be captured on the internal host of the TMG unit, use the number below the host port (in the above example, 8).
    • If the traffic is to be captured on an external host (laptop, PC, or specialized equipment), choose the number below the desired target port (for example, 0 for eth0).
  • The 'PortMask' is the source mask for the capture. On the above example, traffic going through the voip0 port would be captured using the 0x4 mask.
  • Use the mv88eMonitor command in order to mirror traffic as desired. Here is the syntax:
mv88eMonitor <IngressPortMask> <EgressPortMask> <PortNumber> <TimeoutInSeconds>
    • The 'IngressPortMask' is the mask used for capturing traffic that is sent to the TMG.
    • The 'EgressPortMask' is the mask used for capturing traffic that is sent from the TMG.
    • The 'PortNumber' is where the captured traffic should be mirrored to.
    • The 'TimeoutInSeconds' is the time the mirror operation is active before being automatically stopped.
  • Here is an example to mirror all the voip0 traffic to a TMG3200's internal host, for 60 seconds:
mv88eMonitor 0x4 0x4 8 60
  • Here is an example to mirror the incoming voip0 traffic on a TMG3200 to an external host connected to the eth1 port:
mv88eMonitor 0x4 0 1 60

Start the capture

  • Exit the telecom baseboard's shell (type "exit")
  • If the capture is to be done on an external host, use a tool such as 'Wireshark' to capture and analyze the mirrored traffic.
    • When configuring a port as a mirror, it is important to connect that Ethernet port directly to a host (like a laptop). Otherwise, it could cause issues such as an Ethernet loop.
    • If capturing 802.1Q tagged traffic, make sure the receiving equipment is actually configured to process 802.1Q tagged traffic.
  • If the capture is to be done on the TMG's internal host:
    • Use the tbinfo command to find out which product is currently used.
    • Use the following table to know on which Linux interface to capture the traffic:
TMG800 TMG3200 802.1Q capture
mgmt0 int0 vlanXXXX, where XXXX is the VLAN ID (e.g. vlan333)
  • Use the "tcpdump" tool to capture mirrored packets:
tcpdump -i mgmt0 -s 1500 -w capture_file.cap
  • To capture 802.1Q tagged traffic, use the correct VLAN interface:
tcpdump -i vlan333 -s 1500 -w capture_file.cap

Stop the Capture

When you're ready, stop the capture by

  • pressing control-C on the shell that was running tcpdump command
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Stop the capture
mv88eMonitor 0 0 0

Download the Capture

To download the capture, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla.


Procedure

Personal tools