VoIP Ethernet Capture TMG800
Applies to version(s): v2.8, v2.9, v2.10
Capturing using the TMG800's internal host
The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports. This includes RTP traffic.
Preparing the Tmedia for capture
- If the traffic to be captured is on a VLAN, then an IP Interface with the services "MANAGEMENT" must be created.
- The IP has to be static and on the same network as the one to capture.
- The virtual port assigned must be the same as the port to capture. See IP Interface.
- The IP has to be static and on the same network as the one to capture.
Start Capture
You need two SSH sessions to capture the traffic:
First, access the Tmedia management interface using SSH. Then, access the telecom baseboard using
telnet 172.31.1.1
Prompt is now
tml>
Do command
mv88eMonitor
- If the output is like this (TMG800v4):
PortDesc : voip0 voip1 sw6352 fpga mgmt0 mgmt1 eth0 eth1 host sw6321 cpu PortNumber : 0 1 2 3 4 5 6 7 8 9 10 11 12 13 PortMask : 0x1 0x2 0x4 0x8 0x10 0x20 0x40 0x80 0x100 0x200 0x400 0x800 0x1000 0x2000
- Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x8 0x8 11 600
- Use this command to capture VoIP1 traffic:
mv88eMonitor 0x10 0x10 11 600
- If the output is like this (TMG800v2):
PortDesc : voip0 voip1 host mgmt cpu fpga PortNumber : 0 1 2 3 4 5 PortMask : 0x1 0x2 0x4 0x8 0x10 0x20
- Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x1 0x1 2 600
- Use this command to capture VoIP1 traffic:
mv88eMonitor 0x2 0x2 2 600
Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.
Second, access the Tmedia management interface using SSH.
Prompt is now
[root@TBxxxxxx ~]#
To dump the content of the VOIP traffic in the file voip_capture.cap
if the VOIP traffic is untagged:
tcpdump -i mgmt0 -s 1500 -w voip_capture.cap
If the traffic is tagged, use the name of the IP interface created previously (for example vlan333)
tcpdump -i vlan333 -s 1500 -w voip_capture.cap
You will see something like this:
tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes
Stop Capture
When you're ready, stop the capture by pressing control-C on the shell that was running tcpdump command
You will see something like this:
364 packets captured 590 packets received by filter 0 packets dropped by kernel
- Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
- Stop the capture
mv88eMonitor 0 0 0
Download Capture
To download the voip_capture.cap file, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla or WinSCP.
The file will be located in
/root