Cisco Cisco TelePresence Video Communication Server Expressway 문제 해결 가이드
Wireshark
Cisco VCS troubleshooting procedures
Page 7 of 9
Wireshark
You can take a TCPdump on the VCS which can then be copied off the system and analyzed in
Wireshark or similar tools.
Wireshark or similar tools.
A packet capture of all the network traffic being received and sent via the VCS Ethernet interfaces can
be saved to the VCS hard drive. The packet capture will include all network traffic (including RTP – if
the media is routed via the VCS) seen by the VCS Ethernet interface.
be saved to the VCS hard drive. The packet capture will include all network traffic (including RTP – if
the media is routed via the VCS) seen by the VCS Ethernet interface.
Note: if TLS connections are used for SIP signaling, Wireshark will only show the TLS packets, it will
not be able to decode the SIP traffic.
not be able to decode the SIP traffic.
On VCS, log in as root and type:
mkdir /mnt/harddisk/traces
cd /mnt/harddisk/traces
Then to activate the trace type:
tcpdump -w trace.cap -s 0 -C 10
-w instructs tcpdump to write the raw packets to file rather than parsing and printing them out.
The raw packets are (initially) written to the specified file name (in this case trace.cap).
The raw packets are (initially) written to the specified file name (in this case trace.cap).
-s sets snaplen to 0 (which instructs tcpdump to capture complete packets regardless of packet
length).
length).
-C restricts the output file size to the number (following the option) in millions of bytes.
In the example above, after the initial output file has reached 10 million bytes in length (~10 MB) then
a new output file is created and used. The file name will have an incremental index appended to it
(trace, trace2, trace3 and so on)
a new output file is created and used. The file name will have an incremental index appended to it
(trace, trace2, trace3 and so on)
By default the tcpdump command (without the -i option specified) will collect packet data from the
lowest available interface ID, that is eth0.
lowest available interface ID, that is eth0.
To stop the packet collection, press Ctrl+C
The capture files will be available in the following directory:
/mnt/harddisk/traces/
Use an application which can do SCP to copy them to a local machine (PC). For example, Winscp is a
free SCP client for Windows.
free SCP client for Windows.
If after the packet capture has been stopped, the OS reports that packets have been dropped during
the capture (which could happen on very busy systems), make a note of it and let the support
organization know, if the packet trace is to be sent on to them.
the capture (which could happen on very busy systems), make a note of it and let the support
organization know, if the packet trace is to be sent on to them.