Toolpack Debug Application:Tbsigtrace

From TBwiki
(Difference between revisions)
(How to start tbsigtrace with the web interface)
m
 
(23 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Tbsigtrace is a Toolpack debug tool that is use to collect protocol messages.
+
{{DISPLAYTITLE:tbsigtrace: Signaling trace capture tool}}
 +
'''tbsigtrace''' is a debug tool that is use to collect signalling protocol messages. It can trace SS7, ISDN, SIP, Sigtran and H.248 messages and put it in a [http://www.wireshark.org wireshark] format. It can also capture CAS traces in a text format<br>
 +
<br>
  
 +
== How to use it  ==
 +
Connect [[Accessing_Device|SSH]] to the unit and type
 +
tbsigtrace
 +
This will capture all protocols available on the units. It will create one pcap file per protocol. To stop the application, type 'q'.<br>
 +
The output files are located here: '''/lib/tb/toolpack/setup/12358/[major version]/apps/tbsigtrace''' and can be retrieved with a sFTP tool.
  
== Where it is located ==
+
To capture live signaling traces to wireshark see: [[Live_signalling_capture_by_tbsigtrace|Live Signaling capture]]
  
The binary is located in the [InstallDir]/[PackageVersion]/bin/release/[Platform]/
+
=== More details on using the '''tbsigtrace''' application ===
 
+
Example:
+
 
+
Version 2.3.3, Windows system
+
  C:\TelcoBridges\toolpack\pkg\2.3.3\bin\release\i586-win32\tbsigtrace.exe
+
Version 2.3.5, CentOS 64 bits system
+
  /lib/tb/toolpack/pkg/2.3.5/bin/release/x86_64-linux64/tbsigtrace
+
 
+
== How to use it  ==
+
 
+
=== Command line  ===
+
  
 
Options available:  
 
Options available:  
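Review bot: the new "How to use it" text embeds 12358 in the output path (/lib/tb/toolpack/setup/12358/[major version]/apps/tbsigtrace) without saying what that number is, while the same hunk removes the "Where it is located" section that gave the binary path for Windows and CentOS. Say what the number stands for and whether the directory changes with it, and keep a one-line pointer to the binary location per platform. The opening sentence should also read "is used to collect", not "is use to collect".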
Line 27: Line 23:
 
:-ss7 Default ss7 trace activation  
 
:-ss7 Default ss7 trace activation  
 
:-isdn Default isdn trace activation  
 
:-isdn Default isdn trace activation  
:-ip Default ip trace activation (sip and sigtran)  
+
:-old Isdn trace in cap file with lapd layer
 +
:-ip Default ip trace activation (sip, sigtran and iua)  
 +
:-h248 Default h248 trace activation
 +
:-lapd Default lapd trace activation
 +
:-cas Default cas trace activation
 
:-cap CAP format enabled  
 
:-cap CAP format enabled  
:-regroup Regroup entity of same type
+
:-format TXT format enabled
 +
:-single Create one file by signaling entity
 +
:-regroup Regroup identical signaling entity types in one file
 +
:-L XYZ  Specify which link will be captured. The name if found in the web configuration (ISDN_0 for example)
  
 
==== Examples  ====
 
==== Examples  ====
 
 
This will gather all ss7 links from one blade and put this in a single cap file  
 
This will gather all ss7 links from one blade and put this in a single cap file  
 +
tbsigtrace -ss7
  
  tbsigtrace -gw 12358 -adapter TB000544 -ss7 -regroup -cap
+
This will gather all isdn links and put them in on files  
 
+
tbsigtrace -isdn
This will gather all isdn links from one blade and put them in several files  
+
This will gather all isdn links with lapd layer and put them in separate text files
 
+
tbsigtrace -isdn -old -format
  tbsigtrace -gw 12358 -adapter TB000544 -isdn -cap
+
 
+
This will gather all sip traces and put them in a single cap file
+
 
+
  tbsigtrace -gw 12358 -adapter TB000544 -sip -regroup -cap
+
 
+
<br> In release 2.4 This will gather all sip and sigtran traces and put them in a single cap file for all adapters in the system
+
 
+
  tbsigtrace -gw 12358 -adapter all -ip -regroup -cap
+
 
+
This command will regroup all signaling types by group in 3 files (1 file for ss7, 1 for isdn and a last for sip( or ip)).
+
 
+
  tbsigtrace -gw 12358 -adapter TB000544 -regroup -cap
+
 
+
=== Configuration file (optional) ===
+
  
The configuration file will allow to get several blades in the same file  
+
This will gather all sip traces from the default gateway port and specific unit and put them in a single cap file
 +
tbsigtrace -gw 12358 -adapter TB000544 -ip
  
Example MTP2_LINK_0,MTP2_LINK_1 are on the same blade and MTP2_LINK_10,MTP2_LINK_11 are on an other blade
+
This will gather all h248 messages on the system and put this in a single cap file
 +
tbsigtrace -h248
  
  &lt;signaling&gt;
+
This will gather all IUA (ip and tdm sides) messages on the system and put this in a single cap file
 
+
tbsigtrace -ip -lapd
  &lt;sysmgr name = "MTP2_LINK_0" grpname="LS1" capfile="true" /&gt;
+
  &lt;sysmgr name = "MTP2_LINK_1" grpname="LS1" capfile="true" /&gt;
+
  &lt;sysmgr name = "MTP2_LINK_10" grpname="LS1" capfile="true" /&gt;
+
  &lt;sysmgr name = "MTP2_LINK_11" grpname="LS1" capfile="true" /&gt;
+
 
+
  &lt;/signaling&gt;
+
  
=== Web<br> ===
+
=== How to interpret the data  ===
  
You can start/stop tbsigtrace via web.<br>
+
When using wireshark (http://www.wireshark.org/) to analyze the captured data (in pcap format), you can apply multiple filters to scope your analysis around relevant data.  For example, in the following picture, you can see that the 'q931' filter was applied to show only ISDN-related packets.  Other userful keywords are here:
 +
* SIP: '''sip || rtp'''
 +
* ISDN: '''q921 || q931'''
 +
* SS7: '''mtp2 || mtp3 || isup'''
 +
* SCTP: '''sctp'''
 +
* Sigtran IUA: '''iua'''
 +
* Sigtran M2UA: '''m2ua'''
 +
* Sigtran M2PA: '''m2pa'''
 +
* Sigtran M3UA: '''m3ua'''
 +
* H.248: '''megaco'''
  
Create a new application configuration:
+
Be aware however that the pcap format is usually a container for "packet" data.  So, when TDM protocol such as ISDN or SS7 (non-sigtran) traffic is captured, tbsigtrace wraps the protocol around fake protocols layers (i.e. Ethernet/IP/SCTP) for wireshark to be able to open it and analyze it.  Again, in the picture below, you can see these fake layers that were inserted since the capture was made from a TDM link (T1) with the regular Q.921 (HDLC) transport protocol.  These layers have been stripped and replaced by Ethernet/IP/SCTP.
<pre>Name                  -&gt; oamsigtrace
+
Application Type      -&gt; User Specific
+
Bin Path              -&gt; @{PKG_BIN}/tbsigtrace
+
Working Path          -&gt; ../tbsigtrace
+
Command-line arguments -&gt; -adapter all -ss7 -regroup -cap
+
  
</pre>
+
Beside being able to use wireshark for analysis, these fake layers may also carry useful information.  For example, when looking at an ISDN capture, the fake-SCTP layer will contain the network-variant (e.g. DMS, NET5, etc) from which the capture was made.  Another useful information is contained in the fake-IP source and destination addresses:
Create a new application instance:<br>
+
* when (Src=w.x.y.z and Dst=0.0.0.0) it means an egress (outgoing) message. 
<pre>Name                  -&gt; oamsigtrace
+
* when (Src=0.0.0.0 and Dst=w.x.y.z) it means an ingress (incoming) message. 
Host                  -&gt; (put required host)
+
Application Config    -&gt; oamsigtrace
+
  
</pre>
+
[[Image:Tbsigtrace_pcap.png]]
You can control the application "oamsigtrace" with the application status page OR<br>you can use the option 'o' in tboamapp (page=Application launch manager) and change the state of oamsigtrace application<br>state (0=stop 1-mgmt 2-run).<br>
+
  
 
'''WARNING: tbsigtrace application should not be used all the time, otherwise it will reduce performance and fill completely your hard drive'''.
 
'''WARNING: tbsigtrace application should not be used all the time, otherwise it will reduce performance and fill completely your hard drive'''.
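Review bot: in the Examples part of this hunk the descriptions no longer match the commands. "This will gather all ss7 links from one blade and put this in a single cap file" is kept as context, but its command becomes plain "tbsigtrace -ss7", dropping "-gw 12358 -adapter TB000544 ... -regroup -cap". The "-gw 12358 -adapter TB000544 -ip" example is still described as gathering sip traces, although the option line in the same hunk now reads "sip, sigtran and iua". Reword each description to state what the new command captures and how many files it writes, and fix "put them in on files".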

Latest revision as of 13:58, 28 March 2018

tbsigtrace is a debug tool that is used to collect signalling protocol messages. It can trace SS7, ISDN, SIP, Sigtran and H.248 messages and write them in a Wireshark format. It can also capture CAS traces in a text format.


How to use it

Connect to the unit over SSH and type

tbsigtrace

This will capture all protocols available on the units. It will create one pcap file per protocol. To stop the application, type 'q'.
The output files are located here: /lib/tb/toolpack/setup/12358/[major version]/apps/tbsigtrace and can be retrieved with an SFTP tool.

To capture live signaling traces to wireshark see: Live Signaling capture

More details on using the tbsigtrace application

Options available:

-d Daemon mode
-name XYZ Application name
-db Not used
-c XYZ Configuration file to load
-gw XYZ SystemId (i.e. 12358)
-adapter TBXYZ Adapter name to connect or "all" to connect to all adapters in the system
-ss7 Default ss7 trace activation
-isdn Default isdn trace activation
-old Isdn trace in cap file with lapd layer
-ip Default ip trace activation (sip, sigtran and iua)
-h248 Default h248 trace activation
-lapd Default lapd trace activation
-cas Default cas trace activation
-cap CAP format enabled
-format TXT format enabled
-single Create one file by signaling entity
-regroup Regroup identical signaling entity types in one file
-L XYZ Specify which link will be captured. The name is found in the web configuration (ISDN_0 for example)

Examples

This will gather all ss7 links from one blade and put them in a single cap file

tbsigtrace -ss7

This will gather all isdn links and put them in on files

tbsigtrace -isdn

This will gather all isdn links with lapd layer and put them in separate text files

tbsigtrace -isdn -old -format

This will gather all sip traces from the default gateway port and specific unit and put them in a single cap file

tbsigtrace -gw 12358 -adapter TB000544 -ip

This will gather all h248 messages on the system and put them in a single cap file

tbsigtrace -h248

This will gather all IUA (ip and tdm sides) messages on the system and put them in a single cap file

tbsigtrace -ip -lapd

How to interpret the data

When using Wireshark (http://www.wireshark.org/) to analyze the captured data (in pcap format), you can apply multiple filters to scope your analysis around relevant data. For example, in the following picture, you can see that the 'q931' filter was applied to show only ISDN-related packets. Other useful keywords are here:

  • SIP: sip || rtp
  • ISDN: q921 || q931
  • SS7: mtp2 || mtp3 || isup
  • SCTP: sctp
  • Sigtran IUA: iua
  • Sigtran M2UA: m2ua
  • Sigtran M2PA: m2pa
  • Sigtran M3UA: m3ua
  • H.248: megaco

Be aware, however, that the pcap format is usually a container for "packet" data. So, when a TDM protocol such as ISDN or SS7 (non-sigtran) traffic is captured, tbsigtrace wraps the protocol in fake protocol layers (i.e. Ethernet/IP/SCTP) so that Wireshark can open and analyze it. Again, in the picture below, you can see these fake layers that were inserted since the capture was made from a TDM link (T1) with the regular Q.921 (HDLC) transport protocol. These layers have been stripped and replaced by Ethernet/IP/SCTP.

Besides making analysis in Wireshark possible, these fake layers may also carry useful information. For example, when looking at an ISDN capture, the fake-SCTP layer will contain the network variant (e.g. DMS, NET5, etc.) from which the capture was made. Another useful piece of information is contained in the fake-IP source and destination addresses:

  • when (Src=w.x.y.z and Dst=0.0.0.0) it means an egress (outgoing) message.
  • when (Src=0.0.0.0 and Dst=w.x.y.z) it means an ingress (incoming) message.

[Image: Tbsigtrace_pcap.png]
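The direction rule above can be applied outside Wireshark when a capture has to be triaged in bulk. The following is an added example, not code from TelcoBridges or from the original page: it assumes the capture is a classic pcap file with Ethernet link type and untagged IPv4 inside the fake layers, the function names are hypothetical, and the sample capture (address 192.0.2.10) is constructed.

```python
import ipaddress
import struct

ZERO = "0.0.0.0"

def classify(src, dst):
    """Page rule: Dst=0.0.0.0 means egress, Src=0.0.0.0 means ingress."""
    if src != ZERO and dst == ZERO:
        return "egress"
    if src == ZERO and dst != ZERO:
        return "ingress"
    return "unknown"  # real IP traffic (SIP, Sigtran) or an unexpected pair

def directions(pcap_bytes):
    """Return (src, dst, direction) for every Ethernet/IPv4 record."""
    if len(pcap_bytes) < 24:
        raise ValueError("truncated pcap global header")
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # file written little-endian
        end = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # file written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    results, off = [], 24
    while off + 16 <= len(pcap_bytes):
        incl_len = struct.unpack_from(end + "I", pcap_bytes, off + 8)[0]
        frame = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # short, truncated or non-IPv4 record
        src = str(ipaddress.IPv4Address(frame[26:30]))
        dst = str(ipaddress.IPv4Address(frame[30:34]))
        results.append((src, dst, classify(src, dst)))
    return results

def sample_capture():
    """Constructed two-record capture: one egress and one ingress frame."""
    def record(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 132, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
        frame = bytes(12) + b"\x08\x00" + ip  # fake Ethernet + IPv4 header
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + record("192.0.2.10", ZERO) + record(ZERO, "192.0.2.10")
```

To run it on a retrieved file, pass the file contents read in binary mode to directions().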

WARNING: the tbsigtrace application should not be left running all the time, otherwise it will reduce performance and completely fill your hard drive.
