Howto:Pcap: Difference between revisions
No edit summary |
(→To Do) |
||
Line 65: | Line 65: | ||
== To Do == | == To Do == | ||
When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Configuration/ | When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "[[Reference:Configuration/Diagnostics/Tracing|Configuration/Diagnostics/Tracing]]" |
Revision as of 12:39, 2 October 2007
Applies To
This information applies to
- V6 SR2
Remote PCAP
What is remote PCAP?
With remote PCAP, network traffic can be captured directly from another network device, instead of capturing the network traffic from the own device.
Requirements
- You should have installed the latest wireshark release > 0.9.9.6 Wireshark Download
- If you want to display ISDN LAPD/Q.931 packets, you have to install the innovaphone.dll. Just copy the dll to your wireshark plugin directory and pay attention on your currently used version (e.g.: c:\programme\wireshark\plugins\0.99.6a\).
- If you want to display AC DSP packets (only IP22,IP24,IP302 and IP305), you have to install the Ac49xPacketRecording.dll. Install it like the innovaphone.dll.
- open the example pcap file with lapd and q.931 packets to check your current installation. It should look like this, if you have the innovaphone.dll correctly installed:
- and the example pcap file with dsp packets like this, if you have the audiocodes dll correctly installed:
Setting up the rpcap server
- The rpcap server can be any innovaphone device.
- The remote pcap server is disabled per default. To enable it, just go to Diagnostics->Tracing and check the "Enable" flag in the "Remote PCAP" group. If you are experiencing problems, also enable the trace flag.
- To capture all ip traffic (udp and tcp), enable the "IP (PCAP only)" flag in the group "IP". Otherwise just enable all the trace flags on the modules you want to capture.
Capturing with wireshark
Open your wireshark and the capture options dialogue. Type "rpcap://IP/TRACE" into the interface field.
It should look like this:
Then just click on "Start" to start capturing.
PCAP Log
Another possibility to get a pcap log file is to open http://IP/log.pcap This file has a limited size just as the normal log file.
Disabling PCAP traces
You can disable the whole pcap tracing. Just configure a /disable-pcap to the CMD0 module. This can be useful if you do not want to see pcap traces in your log file.
General Informations
- The isdn traces are transfered via UDP on port 4.
- The ac dsp traces are transfered via UDP on port 50001.
Known Problems
Related Articles
To Do
When moving this chapter to a public page, change the following page and add new group remote pcap and new flag under group IP: "Configuration/Diagnostics/Tracing"