VoIP Ethernet Capture TMG800

From TBwiki
Revision as of 14:16, 3 August 2020 by Luc Morissette (Talk | contribs)
Jump to: navigation, search

Applies to all versions after 2.8

Capturing using the TMG800's internal host

The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports. This includes RTP traffic.

Preparing the Tmedia for capture

  • If the traffic to be captured is on a VLAN, then an IP Interface with the services "MANAGEMENT" must be created.
    • The IP has to be static and on the same network as the one to capture.
    • The virtual port assigned must be the same as the port to capture. See IP Interface.

Start Capture

You need two SSH sessions to capture the traffic:

First, access the Tmedia management interface using SSH. Then, access the telecom baseboard using 

telnet 172.31.1.1

Prompt is now 

tml>

Do command 

mv88eMonitor
  • If the output is like this (TMG800v4): 
PortDesc   :                       voip0  voip1 sw6352   fpga  mgmt0  mgmt1   eth0   eth1   host sw6321    cpu
PortNumber :      0      1      2      3      4      5      6      7      8      9     10     11     12     13
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20   0x40   0x80  0x100  0x200  0x400  0x800 0x1000 0x2000
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes): 
mv88eMonitor 0x8 0x8 11 600
Use this command to capture VoIP1 traffic: 
mv88eMonitor 0x10 0x10 11 600


  • If the output is like this (TMG800v2): 
PortDesc   :  voip0  voip1   host   mgmt    cpu   fpga
PortNumber :      0      1      2      3      4      5
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes): 
mv88eMonitor 0x1 0x1 2 600
Use this command to capture VoIP1 traffic: 
mv88eMonitor 0x2 0x2 2 600

Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.

Second, access the Tmedia management interface using SSH. Prompt is now 

[root@TBxxxxxx ~]#

To dump the content of the VOIP traffic in the file voip_capture.cap
if the VOIP traffic is untagged: 

tcpdump -i mgmt0 -s 1500 -w voip_capture.cap

If the traffic is tagged, use the name of the IP interface created previously (for example vlan333) 

tcpdump -i vlan333 -s 1500 -w voip_capture.cap

You will see something like this: 

tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes

Stop Capture

When you're ready, stop the capture by pressing control-C on the shell that was running tcpdump command
You will see something like this: 

364 packets captured
590 packets received by filter
0 packets dropped by kernel
  • Access the telecom baseboard from the Tmedia using telnet. 
telnet 172.31.1.1
  • Stop the capture 
mv88eMonitor 0 0 0

Download Capture

To download the voip_capture.cap file, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla or WinSCP.
The file will be located in 

/root

References

Retrieved from "https://docs.telcobridges.com/mediawiki/index.php?title=VoIP_Ethernet_Capture_TMG800_B&oldid=28675"
Personal tools