VoIP Ethernet Capture TMG800 B

From TBwiki
(Difference between revisions)
Jump to: navigation, search
m
(Reversed the TMG800v4 and v2 instructions (I always make the mistake and use the wrong one!))
Line 20: Line 20:
 
Do command
 
Do command
 
  mv88eMonitor
 
  mv88eMonitor
*If the output is like this (TMG800v2):
 
PortDesc  :  voip0  voip1  host  mgmt    cpu  fpga
 
PortNumber :      0      1      2      3      4      5
 
PortMask  :    0x1    0x2    0x4    0x8  0x10  0x20
 
:Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
 
mv88eMonitor 0x1 0x1 2 600
 
:Use this command to capture VoIP1 traffic:
 
mv88eMonitor 0x2 0x2 2 600
 
  
 
*If the output is like this (TMG800v4):
 
*If the output is like this (TMG800v4):
Line 38: Line 30:
 
  mv88eMonitor 0x10 0x10 11 600
 
  mv88eMonitor 0x10 0x10 11 600
  
 +
*If the output is like this (TMG800v2):
 +
PortDesc  :  voip0  voip1  host  mgmt    cpu  fpga
 +
PortNumber :      0      1      2      3      4      5
 +
PortMask  :    0x1    0x2    0x4    0x8  0x10  0x20
 +
:Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
 +
mv88eMonitor 0x1 0x1 2 600
 +
:Use this command to capture VoIP1 traffic:
 +
mv88eMonitor 0x2 0x2 2 600
  
 
Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.
 
Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.
Line 52: Line 52:
 
You will see something like this:
 
You will see something like this:
 
  tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes
 
  tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes
 
  
 
=== Stop Capture ===
 
=== Stop Capture ===

Revision as of 16:28, 10 November 2017

Applies to version(s): v2.8, v2.9, v2.10

Capturing using the TMG800's internal host

The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports. This includes RTP traffic.

Preparing the Tmedia for capture

  • If the traffic to be captured is on a VLAN, then an IP Interface with the services "MANAGEMENT" must be created.
    • The IP has to be static and on the same network as the one to capture.
    • The virtual port assigned must be the same as the port to capture. See IP Interface.

Start Capture

You need two SSH sessions to capture the traffic:

First, access the Tmedia management interface using SSH. Then, access the telecom baseboard using

telnet 172.31.1.1

Prompt is now

tml>

Do command

mv88eMonitor
  • If the output is like this (TMG800v4):
PortDesc   :                       voip0  voip1 sw6352   fpga  mgmt0  mgmt1   eth0   eth1   host sw6321    cpu
PortNumber :      0      1      2      3      4      5      6      7      8      9     10     11     12     13
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20   0x40   0x80  0x100  0x200  0x400  0x800 0x1000 0x2000
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x8 0x8 11 600
Use this command to capture VoIP1 traffic:
mv88eMonitor 0x10 0x10 11 600
  • If the output is like this (TMG800v2):
PortDesc   :  voip0  voip1   host   mgmt    cpu   fpga
PortNumber :      0      1      2      3      4      5
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x1 0x1 2 600
Use this command to capture VoIP1 traffic:
mv88eMonitor 0x2 0x2 2 600

Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.

Second, access the Tmedia management interface using SSH. Prompt is now

[root@TBxxxxxx ~]#

To dump the content of the VOIP traffic in the file voip_capture.cap
if the VOIP traffic is untagged:

tcpdump -i mgmt0 -s 1500 -w voip_capture.cap

If the traffic is tagged, use the name of the IP interface created previously (for example vlan333)

tcpdump -i vlan333 -s 1500 -w voip_capture.cap

You will see something like this:

tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes

Stop Capture

When you're ready, stop the capture by pressing control-C on the shell that was running tcpdump command
You will see something like this:

364 packets captured
590 packets received by filter
0 packets dropped by kernel
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Stop the capture
mv88eMonitor 0 0 0

Download Capture

To download the voip_capture.cap file, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla or WinSCP.
The file will be located in

/root

References

Personal tools