Live signalling capture by tbsigtrace
From TBwiki
Revision as of 15:41, 9 August 2016 by Luc Morissette (Talk | contribs)
You can now activate tbsigtrace and pipe it directly in wireshark through SSH to get a live capture of SS7, ISDN, SIP, Sigtran and H.248 (not all in the same wireshark window). This page provides the procedure for a Windows base operating system using plink and wireshark tools.
WARNING: tbsigtrace application should not be used all the time, otherwise it might reduce performance. Also we suggest to do the live capture on only one Tmedia at a time.
The procedure is as following:
Contents |
Download plink
Download plink at http://the.earth.li/~sgtatham/putty/latest/x86/plink.exe
Place it in C:\Program Files\Putty directory
Execute the command to capture the signalling accordingly
This is the structure of the command:
plink.exe -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] "tbsigtrace -stdout -[protocol]" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For SS7 capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ss7" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For ISDN capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -isdn" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For SIP or SIGTRAN capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ip" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For H.248 capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -h248" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
For Radius or SNMP capture
plink.exe -ssh root@10.10.10.10 -pw mypassword "tcpdump -i mgmt0 -s 0 -w - -f 'not tcp port 22'" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -