Live signalling capture by tbsigtrace
From TBwiki
(Difference between revisions)
(Add a note that this page is for Windows OS.) |
(Simplifed Live signaling capture page) |
||
Line 1: | Line 1: | ||
− | You can now activate tbsigtrace and pipe it directly in wireshark through SSH to get a live capture SS7, ISDN | + | You can now activate tbsigtrace and pipe it directly in wireshark through SSH to get a live capture of SS7, ISDN, SIP, Sigtran and H.248 (not all in the same wireshark window). This page provides the procedure for a Windows base operating system using plink and wireshark tools. |
'''WARNING: tbsigtrace application should not be used all the time, otherwise it might reduce performance. Also we suggest to do the live capture on only one Tmedia at a time'''. | '''WARNING: tbsigtrace application should not be used all the time, otherwise it might reduce performance. Also we suggest to do the live capture on only one Tmedia at a time'''. | ||
The procedure is as following: | The procedure is as following: | ||
− | |||
==== Download plink ==== | ==== Download plink ==== | ||
+ | Download plink at http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe <br> | ||
+ | Place it in '''C:\Program Files\Putty directory''' | ||
− | + | === Execute the command to capture the signalling accordingly === | |
− | + | This is the structure of the command: | |
+ | plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] "tbsigtrace -stdout -[protocol]" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
===== For SS7 capture ===== | ===== For SS7 capture ===== | ||
− | + | plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ss7" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
===== For ISDN capture ===== | ===== For ISDN capture ===== | ||
− | + | plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -isdn" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
===== For SIP or SIGTRAN capture ===== | ===== For SIP or SIGTRAN capture ===== | ||
− | + | plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ip" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | ===== For | + | ===== For H.248 capture ===== |
− | + | plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -h248" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - | |
− | + | ===== For Radius or SNMP capture ===== | |
− | + | plink.exe -ssh root@10.10.10.10 -pw mypassword "tcpdump -i mgmt0 -s 0 -w - -f 'not tcp port 22'" | "C:\Program Files\Wireshark\wireshark.exe" -k -i - |
Revision as of 15:41, 9 August 2016
You can now activate tbsigtrace and pipe it directly in wireshark through SSH to get a live capture of SS7, ISDN, SIP, Sigtran and H.248 (not all in the same wireshark window). This page provides the procedure for a Windows base operating system using plink and wireshark tools.
WARNING: tbsigtrace application should not be used all the time, otherwise it might reduce performance. Also we suggest to do the live capture on only one Tmedia at a time.
The procedure is as following:
Contents |
Download plink
Download plink at http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe
Place it in C:\Program Files\Putty directory
Execute the command to capture the signalling accordingly
This is the structure of the command:
plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] "tbsigtrace -stdout -[protocol]" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For SS7 capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ss7" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For ISDN capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -isdn" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For SIP or SIGTRAN capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ip" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For H.248 capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -h248" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For Radius or SNMP capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tcpdump -i mgmt0 -s 0 -w - -f 'not tcp port 22'" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -