Howto:Pcap: Difference between revisions

From innovaphone wiki
No edit summary
No edit summary
Line 83: Line 83:
You will find a Checkbox Trace under Diagnostics->Tracing Group "Remote Pcap". This should just be enabled if you are experiencing problems when connecting to the box with wireshark.
You will find a Checkbox Trace under Diagnostics->Tracing Group "Remote Pcap". This should just be enabled if you are experiencing problems when connecting to the box with wireshark.


==Known Problems==
=Known Problems=


==Related Articles==
=Related Articles=


==To Do==
=To Do=
* When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Administration/Diagnostics/Tracing|Administration/Diagnostics/Tracing]]"
* When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Administration/Diagnostics/Tracing|Administration/Diagnostics/Tracing]]"
* Move dlls to the correct folder on download.innovaphone.com
* Move dlls to the correct folder on download.innovaphone.com
* log2pcap link
* log2pcap link
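Review bot: the change carries no edit summary (both revisions show "No edit summary"), yet it rewrites the Known Problems, Related Articles and To Do headings from `==` to `=`, which changes their level in the page outline; add a one-line summary saying that these sections are being moved to the top level. Known Problems and Related Articles are also still empty after the change, so either fill them or drop them in the same edit.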

Revision as of 14:04, 16 October 2007

Applies To

This information applies to

  • V6 SR2

Remote PCAP

What is remote PCAP?

With remote PCAP, network traffic can be captured directly from another network device instead of from your own device.


Requirements

  • You should have the latest Wireshark release installed (>= 0.99.6a), see Wireshark Download.
  • If you want to display ISDN LAPD/Q.931 packets, you have to install the innovaphone.dll. Just copy the dll to your Wireshark plugin directory, making sure the directory matches the version you are currently using (e.g.: c:\programme\wireshark\plugins\0.99.6a\).
  • If you want to display AC DSP packets (only IP22, IP24, IP302 and IP305), you have to install the Ac49xPacketRecording.dll. Install it like the innovaphone.dll.
  • Open the example pcap file with LAPD and Q.931 packets to check your current installation. It should look like this if you have the innovaphone.dll correctly installed:
PCAP ISDN example
PCAP DSP example

Setting up the rpcap server

  • The rpcap server can be any innovaphone device.
  • The remote pcap server is disabled by default. To enable it, go to Diagnostics->Tracing and check the "Enable" flag in the "Remote PCAP" group. If you are experiencing problems, also enable the trace flag.
  • To capture all IP traffic (UDP and TCP), enable the "IP (PCAP only)" flag in the group "IP". Otherwise just enable the trace flags on the modules you want to capture.


Capturing with wireshark

Open Wireshark and its capture options dialogue. Type "rpcap://IP/TRACE" into the interface field.

It should look like this:

Wireshark capture options

Then just click on "Start" to start capturing.

Supported protocols

  • ISDN: LAPD L2/L3 with dissector innovaphone.dll (enable Diagnostics->Tracing->Interfaces TELX/PPP and/or Prot)
  • AC DSP: dsp with dissector Ac49xPacketRecording.dll (enable Diagnostics->Tracing->VOIP DSP)
  • PPPoE: flag "/pcap" on module(s) PPPOE0/PPPOE1 enables pcap tracing
  • All TCP/UDP protocols which are supported by native wireshark dissectors or other dissectors which can be found searching the internet.

e.g.: SIP, H.323, H.245

Enable the corresponding flags under Diagnostics->Tracing, if you only want to see specific UDP/TCP protocols. To see all, enable the IP flag under Diagnostics->Tracing->IP.

PCAP Log

Another way to get a pcap log file is to open http://IP/log.pcap. This file has a limited size, just like the normal log file.
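The following check is an added example, not innovaphone code: it walks a file saved from http://IP/log.pcap and reports whether the last record is cut off, which is worth knowing before trusting a size-limited capture. It assumes the file uses the classic libpcap format; the function name and the sample bytes are constructed for illustration.

```python
import struct

# Classic libpcap magic (microsecond timestamps), as seen when read little-endian.
MAGIC_LE = 0xA1B2C3D4   # file written little-endian
MAGIC_BE = 0xD4C3B2A1   # file written big-endian


def summarize_pcap(data: bytes) -> dict:
    """Return header fields, number of complete packets and truncation state."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == MAGIC_LE:
        endian = "<"
    elif magic == MAGIC_BE:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#010x)" % magic)
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(data):
        if offset + 16 > len(data):          # record header itself is cut off
            truncated = True
            break
        _sec, _usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):   # packet bytes are cut off
            truncated = True
            break
        packets += 1
        offset += 16 + incl_len
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated}


def build_sample(cut_last: bool) -> bytes:
    """Constructed sample: two 60-byte Ethernet records, the second optionally cut."""
    header = struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    payload = b"\x00" * 60
    record = struct.pack("<IIII", 1192543440, 0, len(payload), len(payload)) + payload
    return header + record + (record[:40] if cut_last else record)


if __name__ == "__main__":
    print(summarize_pcap(build_sample(cut_last=True)))
```

To check a real download, read the saved file in binary mode and pass its bytes to `summarize_pcap`.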

log2pcap

You need the tool log2pcap if you have a log.txt file that contains pcap packets and you want to view them in Wireshark. You can find the tool in the apps folder. Usage: log2pcap.exe input.txt output.pcap

General Information

Disabling PCAP traces

You can disable pcap tracing entirely. Just configure /disable-pcap on the CMD0 module. This can be useful if you do not want to see pcap traces in your log file.

Used ports

  • The ISDN traces are transferred via UDP on port 4.
  • The AC DSP traces are transferred via UDP on port 50001.
  • Wireshark uses port 2002 to connect to the running rpcap server.
  • rpcap packets are transferred over a dynamically assigned port between server and client.

Additional Remote PCAP trace

You will find a checkbox "Trace" under Diagnostics->Tracing in the group "Remote Pcap". It should only be enabled if you are experiencing problems when connecting to the box with Wireshark.

Known Problems

Related Articles

To Do

  • When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "Administration/Diagnostics/Tracing"
  • Move dlls to the correct folder on download.innovaphone.com
  • log2pcap link