Howto:Pcap: Difference between revisions
No edit summary |
|||
Line 1: | Line 1: | ||
==Applies To== | ===Applies To=== | ||
This information applies to | This information applies to | ||
* V6 SR2 | * V6 SR2 | ||
=Remote PCAP= | ==Remote PCAP== | ||
==What is remote PCAP?== | ===What is remote PCAP?=== | ||
With remote PCAP, network traffic can be captured directly from another network device, instead of capturing the network traffic from the own device. | With remote PCAP, network traffic can be captured directly from another network device, instead of capturing the network traffic from the own device. | ||
==Requirements== | ===Requirements=== | ||
* You should have installed the latest wireshark release >= 0.9.9.6a [http://http://www.wireshark.org/download.html Wireshark Download] | * You should have installed the latest wireshark release >= 0.9.9.6a [http://http://www.wireshark.org/download.html Wireshark Download] | ||
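Review bot: the Wireshark Download link on the Requirements line is carried over unchanged with a doubled scheme, http://http://www.wireshark.org/download.html, so the rendered link will not resolve; since this revision already touches the surrounding headings, correct it to http://www.wireshark.org/download.html. The same line gives the minimum release as 0.9.9.6a while the plugin path later on the page uses 0.99.6a, so one of the two should be checked and made consistent.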
Line 24: | Line 24: | ||
[[Image:Pcap_sample_dsp.jpg|center|thumb|200px|PCAP DSP example]] | [[Image:Pcap_sample_dsp.jpg|center|thumb|200px|PCAP DSP example]] | ||
==Setting up the rpcap server== | ===Setting up the rpcap server=== | ||
* The rpcap server can be any innovaphone device. | * The rpcap server can be any innovaphone device. | ||
Line 31: | Line 31: | ||
==Capturing with wireshark== | ===Capturing with wireshark=== | ||
Open your wireshark and the capture options dialogue. | Open your wireshark and the capture options dialogue. | ||
Line 41: | Line 41: | ||
Then just click on "Start" to start capturing. | Then just click on "Start" to start capturing. | ||
==Supported protocols== | ===Supported protocols=== | ||
* ISDN: LAPD L2/L3 with dissector innovaphone.dll (enable Diagnostics->Tracing->Interfaces TELX/PPP and/or Prot) | * ISDN: LAPD L2/L3 with dissector innovaphone.dll (enable Diagnostics->Tracing->Interfaces TELX/PPP and/or Prot) | ||
Line 55: | Line 55: | ||
Enable the corresponding flags under Diagnostics->Tracing, if you only want to see specific UDP/TCP protocols. To see all, enable the IP flag under Diagnostics->Tracing->IP. | Enable the corresponding flags under Diagnostics->Tracing, if you only want to see specific UDP/TCP protocols. To see all, enable the IP flag under Diagnostics->Tracing->IP. | ||
=PCAP Log= | ==PCAP Log== | ||
Another possibility to get a pcap log file is to open http://IP/log.pcap | Another possibility to get a pcap log file is to open http://IP/log.pcap | ||
This file has a limited size just as the normal log file. | This file has a limited size just as the normal log file. | ||
=log2pcap= | ==log2pcap== | ||
You need the tool log2pcap, if you have a log.txt file, which contains pcap packets and you want to view them in wireshark. You can find the tool in the apps-folder. | You need the tool log2pcap, if you have a log.txt file, which contains pcap packets and you want to view them in wireshark. You can find the tool in the apps-folder. | ||
Line 67: | Line 67: | ||
log2pcap.exe input.txt output.pcap | log2pcap.exe input.txt output.pcap | ||
=General Informations= | ==General Informations== | ||
==Disabling PCAP traces== | ===Disabling PCAP traces=== | ||
You can disable the whole pcap tracing. Just configure a /disable-pcap to the CMD0 module. This can be useful if you do not want to see pcap traces in your log file. | You can disable the whole pcap tracing. Just configure a /disable-pcap to the CMD0 module. This can be useful if you do not want to see pcap traces in your log file. | ||
==Used ports== | ===Used ports=== | ||
* The isdn traces are | * The isdn traces are encapsulated in UDP packets with port 4. | ||
* The ac dsp traces are | * The ac dsp traces are encapsulated in UDP packets with port 50001. | ||
* Wireshark uses port 2002 to connect to the running rpcap-server | * Wireshark uses port 2002 to connect to the running rpcap-server | ||
* rpcap packets are transfered over a dynamically assigned port between server and client | * rpcap packets are transfered over a dynamically assigned port between server and client | ||
==Additional Remote PCAP trace== | ===Additional Remote PCAP trace=== | ||
You will find a Checkbox Trace under Diagnostics->Tracing Group "Remote Pcap". This should just be enabled if you are experiencing problems when connecting to the box with wireshark. | You will find a Checkbox Trace under Diagnostics->Tracing Group "Remote Pcap". This should just be enabled if you are experiencing problems when connecting to the box with wireshark. | ||
=Known Problems= | ==Known Problems== | ||
=Related Articles= | ==Related Articles== | ||
=To Do= | ==To Do== | ||
* When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Administration/Diagnostics/Tracing|Administration/Diagnostics/Tracing]]" | * When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Administration/Diagnostics/Tracing|Administration/Diagnostics/Tracing]]" | ||
* Move dlls to the correct folder on download.innovaphone.com | * Move dlls to the correct folder on download.innovaphone.com | ||
* log2pcap link | * log2pcap link |
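Review bot: in the Used ports list, the two completed bullets now name UDP ports 4 and 50001, but the rpcap bullets still do not give the transport protocol for port 2002 or the range of the dynamically assigned port, which is what someone writing a firewall rule for the device needs; suggest stating both. In the same hunk, "transfered" should read "transferred" and the heading "General Informations" should be "General Information".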
Revision as of 14:27, 16 October 2007
Applies To
This information applies to
- V6 SR2
Remote PCAP
What is remote PCAP?
With remote PCAP, network traffic can be captured directly from another network device instead of on your own device.
Requirements
- You should have installed the latest wireshark release >= 0.9.9.6a Wireshark Download
- If you want to display ISDN LAPD/Q.931 packets, you have to install the innovaphone.dll. Copy the dll to your wireshark plugin directory, making sure the directory matches the version you are currently using (e.g.: c:\programme\wireshark\plugins\0.99.6a\).
- If you want to display AC DSP packets (only IP22, IP24, IP302 and IP305), you have to install the Ac49xPacketRecording.dll. Install it the same way as the innovaphone.dll.
- Open the example pcap file with lapd and q.931 packets to check your current installation. It should look like this, if you have the innovaphone.dll correctly installed:
- The example pcap file with dsp packets should look like this, if you have the audiocodes dll correctly installed:
Setting up the rpcap server
- The rpcap server can be any innovaphone device.
- The remote pcap server is disabled by default. To enable it, go to Diagnostics->Tracing and check the "Enable" flag in the "Remote PCAP" group. If you are experiencing problems, also enable the trace flag.
- To capture all ip traffic (udp and tcp), enable the "IP (PCAP only)" flag in the group "IP". Otherwise just enable all the trace flags on the modules you want to capture.
Capturing with wireshark
Open wireshark and its capture options dialogue. Type "rpcap://IP/TRACE" into the interface field.
It should look like this:
Then just click on "Start" to start capturing.
Supported protocols
- ISDN: LAPD L2/L3 with dissector innovaphone.dll (enable Diagnostics->Tracing->Interfaces TELX/PPP and/or Prot)
- AC DSP: dsp with dissector Ac49xPacketRecording.dll (enable Diagnostics->Tracing->VOIP DSP)
- PPPoE: flag "/pcap" on module(s) PPPOE0/PPPOE1 enables pcap tracing
- All TCP/UDP protocols which are supported by native wireshark dissectors or by other dissectors which can be found by searching the internet, e.g. SIP, H.323, H.245.
Enable the corresponding flags under Diagnostics->Tracing, if you only want to see specific UDP/TCP protocols. To see all, enable the IP flag under Diagnostics->Tracing->IP.
PCAP Log
Another way to get a pcap log file is to open http://IP/log.pcap. This file has a limited size, just like the normal log file.
log2pcap
You need the tool log2pcap if you have a log.txt file which contains pcap packets and you want to view them in wireshark. You can find the tool in the apps-folder.
Usage: log2pcap.exe input.txt output.pcap
General Information
Disabling PCAP traces
You can disable pcap tracing entirely by configuring /disable-pcap on the CMD0 module. This can be useful if you do not want to see pcap traces in your log file.
Used ports
- The isdn traces are encapsulated in UDP packets with port 4.
- The ac dsp traces are encapsulated in UDP packets with port 50001.
- Wireshark uses port 2002 to connect to the running rpcap-server
- rpcap packets are transferred over a dynamically assigned port between server and client
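
Added example, not part of the original page or of innovaphone's tools: a Python reader that tallies the packets of a classic pcap file (for instance one written by log2pcap) by the two UDP trace ports listed above. Ethernet framing and IPv4 are assumptions the page does not state, and the sample capture is constructed.

```python
import struct

# Trace ports from the "Used ports" list above.
TRACE_PORTS = {4: "isdn", 50001: "ac-dsp"}

def classify_frame(frame: bytes) -> str:
    """Label one Ethernet II frame; anything but IPv4/UDP is 'other'."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length in bytes
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:
        return "other"                     # not IPv4, malformed, or not UDP
    if len(frame) < 14 + ihl + 4:
        return "other"                     # truncated before the UDP ports
    sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
    return TRACE_PORTS.get(dport) or TRACE_PORTS.get(sport) or "other"

def classify_pcap(data: bytes) -> dict:
    """Count packets per trace type in a classic (non-pcapng) capture."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:                      # assumption: LINKTYPE_ETHERNET
        raise ValueError("unsupported link type %d" % linktype)
    counts = {"isdn": 0, "ac-dsp": 0, "other": 0}
    off = 24
    while off + 16 <= len(data):           # 16-byte per-packet record header
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        counts[classify_frame(data[off + 16:off + 16 + incl_len])] += 1
        off += 16 + incl_len
    return counts

def _frame(port: int, proto: int = 17) -> bytes:
    # Constructed test frame: zeroed MACs, documentation-range addresses.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", port, port, 8, 0)

def build_sample() -> bytes:
    """Constructed capture: one ISDN, one AC DSP, one SIP, one TCP packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(4), _frame(50001), _frame(5060), _frame(4, proto=6)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

To run it on a real file, pass `open("output.pcap", "rb").read()` to `classify_pcap`; a large "other" count usually means additional trace flags are enabled on the device.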
Additional Remote PCAP trace
You will find a checkbox "Trace" under Diagnostics->Tracing in the group "Remote Pcap". Enable it only if you are experiencing problems when connecting to the box with wireshark.
Known Problems
Related Articles
To Do
- When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "Administration/Diagnostics/Tracing"
- Move dlls to the correct folder on download.innovaphone.com
- log2pcap link