Actions

VoIP Ethernet Capture TMG800

Revision as of 15:16, 3 August 2020 by Luc Morissette (talk | contribs) (Collapsed TMG800v2 instructions)

Applies to all versions after 2.8

Capturing using the TMG800's internal host

The TMG800's internal host can be used for capturing packets that are mirrored from the VOIP0 and/or VOIP1 physical ports. This includes RTP traffic.

Preparing the Tmedia for capture

  • If the traffic to be captured is on a VLAN, then an IP Interface with the services "MANAGEMENT" must be created.
    • The IP has to be static and on the same network as the one to capture.
    • The virtual port assigned must be the same as the port to capture. See IP Interface.

Start Capture

You need two SSH sessions to capture the traffic:

First, access the Tmedia management interface using SSH. Then, access the telecom baseboard using

telnet 172.31.1.1

Prompt is now

tml>

Do command

mv88eMonitor
  • If the output is like this (TMG800v4):
PortDesc   :                       voip0  voip1 sw6352   fpga  mgmt0  mgmt1   eth0   eth1   host sw6321    cpu
PortNumber :      0      1      2      3      4      5      6      7      8      9     10     11     12     13
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20   0x40   0x80  0x100  0x200  0x400  0x800 0x1000 0x2000
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x8 0x8 11 600
Use this command to capture VoIP1 traffic:
mv88eMonitor 0x10 0x10 11 600


  • If the output is like this (TMG800v2):
PortDesc   :  voip0  voip1   host   mgmt    cpu   fpga
PortNumber :      0      1      2      3      4      5
PortMask   :    0x1    0x2    0x4    0x8   0x10   0x20
Use this command to capture VoIP0 traffic (for 600 seconds or 10 minutes):
mv88eMonitor 0x1 0x1 2 600
Use this command to capture VoIP1 traffic:
mv88eMonitor 0x2 0x2 2 600

Note: We don't recommend to keep the capturing for a long time. This is only for debugging purpose.

Second, access the Tmedia management interface using SSH. Prompt is now

[root@TBxxxxxx ~]#

To dump the content of the VOIP traffic in the file voip_capture.cap
if the VOIP traffic is untagged:

tcpdump -i mgmt0 -s 1500 -w voip_capture.cap

If the traffic is tagged, use the name of the IP interface created previously (for example vlan333)

tcpdump -i vlan333 -s 1500 -w voip_capture.cap

You will see something like this:

tcpdump: listening on mgmt0, link-type EN10MB (Ethernet), capture size 1500 bytes

Stop Capture

When you're ready, stop the capture by pressing control-C on the shell that was running tcpdump command
You will see something like this:

364 packets captured
590 packets received by filter
0 packets dropped by kernel
  • Access the telecom baseboard from the Tmedia using telnet.
telnet 172.31.1.1
  • Stop the capture
mv88eMonitor 0 0 0

Download Capture

To download the voip_capture.cap file, use SSH secure copy ("sftp") to the Tmedia management port. This can be done on Windows using tools like Filezilla or WinSCP.
The file will be located in

/root

References