VoIP Ethernet Capture

The Tmedia product can configure one of its VoIP Ethernet ports to do Port Mirroring. This is useful when investigating RTP, Codecs or IP Tones issues.

Preparing the Tmedia for capture (enable ports mirroring)

• If the traffic to be captured is on a 802.1Q VLAN and the Tctrl version is >= 2.8, an IP interface with the 'MANAGEMENT' service must be created through the Web Portal. The IP interface must be assigned to a virtual port that is assigned to the capture port and uses the 802.1Q VLAN ID that is targeted by the capture.
• Access the Tmedia unit using SSH.
• Access the telecom baseboard from the Tmedia using telnet.

telnet 172.31.1.1

• Type in the mv88eMonitor command to get the list of ports on the unit:

mv88eMonitor

• A list (such as the one below) should appear:

Port Mapping:
PortDesc   :   eth0   eth1  voip0  voip1 mspeedsw1 mspeedsw2  fpga0  fpga1   host    cpu
PortNumber :      0      1      2      3         4         5      6      7      8      9
PortMask   :    0x1    0x2    0x4    0x8      0x10      0x20   0x40   0x80  0x100  0x200

• The 'PortNumber' is the destination port for the capture.
  • If the traffic is to be captured on the internal host of the TMG unit, use the number below the host port (in the above example, 8).
  • If the traffic is to be captured on an external host (laptop, PC, or specialized equipment), choose the number below the desired target port (for example, 0 for eth0).
• The 'PortMask' is the source mask for the capture. On the above example, traffic going through the voip0 port would be captured using the 0x4 mask.
• Use the mv88eMonitor command in order to mirror traffic as desired. Here is the syntax:

mv88eMonitor <IngressPortMask> <EgressPortMask> <PortNumber> <TimeoutInSeconds>

• • The 'IngressPortMask' is the mask used for capturing traffic that is sent to the TMG.
  • The 'EgressPortMask' is the mask used for capturing traffic that is sent from the TMG.
  • The 'PortNumber' is where the captured traffic should be mirrored to.
  • The 'TimeoutInSeconds' is the time the mirror operation is active before being automatically stopped.
• Here is an example to mirror all the voip0 traffic to a TMG3200's internal host, for 60 seconds:

mv88eMonitor 0x4 0x4 8 60

• Here is an example to mirror the incoming voip0 traffic on a TMG3200 to an external host connected to the eth1 port:

mv88eMonitor 0x4 0 1 60

Start the capture

• Exit the telecom baseboard's shell (type "exit")
• If the capture is to be done on an external host, use a tool such as 'Wireshark' to capture and analyze the mirrored traffic.
  • When configuring a port as a mirror, it is important to connect that Ethernet port directly to a host (like a laptop). Otherwise, it could cause issues such as an Ethernet loop.
  • If capturing 802.1Q tagged traffic, make sure the receiving equipment is actually configured to process 802.1Q tagged traffic.
• If the capture is to be done on the TMG's internal host:
  • Use the tbproduct command to find out which product is currently used.
  • Use the following table to know on which Linux interface to capture the traffic:

• Use the "tcpdump" tool to capture mirrored packets:

tcpdump -i mgmt0 -s 1500 -w capture_file.cap

• To capture 802.1Q tagged traffic, use the correct VLAN interface:

tcpdump -i vlan333 -s 1500 -w capture_file.cap

Stop the Capture

When you're ready, stop the capture by

• pressing control-C on the shell that was running tcpdump command
• Access the telecom baseboard from the Tmedia using telnet.

telnet 172.31.1.1

• Stop the capture

mv88eMonitor 0 0 0

Download the Capture

To download the capture, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla.

Procedure

• VoIP Ethernet Capture for v2.9
• VoIP Ethernet Capture for v2.8
• VoIP Ethernet Capture for v2.7