Using Wireshark to Create a Packet Capture (PCAP) for Troubleshooting NetVanta Products

Version 1

    Packet captures can often be very useful in determining issues within a network. This is especially true for troubleshooting VoIP issues with the NetVanta 7100 or NetVanta UC Server. This
    guide will take you through setting up a capture for each of these systems. You will need to download Wireshark in order to perform a packet capture. Wireshark is a free download.

     

    Packet captures using the Port Mirror feature on the NetVanta 7100

     

    1 - First, you will need to set up a Port Mirror. Port mirroring is covered in our document Configuring Port Mirroring in AOS. In most cases, the source of the port mirror will be an Ethernet port on the 7100 that is connected to a phone.

     

    2 - Once you have the port mirror set up, connect a PC to the destination port and start Wireshark.

     

    3 - After Wireshark is started, go to Capture -> Start. You may need to select the proper interface on the capture PC.


    4 - Once you have started the capture, recreate the behavior that you are attempting to troubleshoot. When you’re done, click the “Stop” button to stop the capture.


    5 - You can use the Telephony -> VoIP Calls feature to select certain calls. From there, you can view a graph with the “Flow” button, or you can listen to the call itself with the “Player” button.

    NOTE: The Player feature will only work properly if the call uses the PCMU codec.

      

    6 - If you are obtaining a capture for ADTRAN Technical Support, upload the capture to ftp://ftp.adtran.com/incoming/ using the instructions at the end of this document and notify the Support Engineer with whom you’ve been working.

     

     

    Packet Captures from a NetVanta UC Server

     

    1 - Since UC Server is run from a Windows server, you can run the capture directly from the system running UC Server. This will often give you a very clear picture of the entire SIP negotiation between UC Server, phones, external PBXs, and gateways. Start Wireshark and select the proper network interface. There should only be one network interface active on the system running UC Server. UC Server does not support multiple active network interfaces.

     

    2 - Start the capture and recreate the behavior you are attempting to troubleshoot. Click “Stop” when your test has completed.

     

    3 - You can use the Telephony -> VoIP Calls feature to select certain calls. From there, you can view a graph with the “Flow” button, or you can listen to the call itself with the “Player” button.

     

    NOTE: The Player feature will not work for phone-to-phone calls in ECS/UC Server. In this case, UC Server is not involved in the call flow. You will need a separate capture with a port mirror for the audio to and from the phone.

     

    4 - If you are obtaining a capture for ADTRAN Technical Support, upload the capture to ftp://ftp.adtran.com/incoming/ using the instructions at the end of this document and notify the Support Engineer with whom you’ve been working.

     

     

    Continuous, Rotating Packet Captures

     

    The dumpcap feature within Wireshark is very useful for capturing an intermittent issue. You can start the rotating packet capture and then simply wait for the incorrect
    behavior to occur.

     

    1 - Open a Windows Command Prompt. This can be done by going to Start -> Run and entering “cmd” in the text box. On newer versions of Windows, you can type “cmd” directly into the search bar that comes up with the Start Menu.

     

    2 - Enter “cd C:\Program Files\Wireshark\” (or wherever Wireshark was installed) to change to the Wireshark directory.

     

    3 - From here, you will use the dumpcap.exe program to start a continuous capture. For example: dumpcap.exe -i 1 -b filesize:100000 -b files:20 -w <filename>.pcap

    • The filesize is in KB. In this example we are saving 20 files at 100 MB per file. The filename will have the timestamp at which the capture started appended to the end of the filename set above. You can also use the -w switch to change the directory where the files will be stored.
    • If your system has multiple NICs, you may have to adjust the -i 1. You can issue a route print from the command line to see the interface list and select the correct NIC.
    • You can use the -f switch to apply a filter to the capture. For instance, if you use -f "udp port 5060", only UDP SIP traffic will be captured. If you wish to include multiple ports, you can
      use -f "udp port 5060 OR udp port 5080"
    • The capture files will be saved in the C:\Program Files\Wireshark\ folder in this example. You can specify a folder with the filename switch if you wish, e.g. -w C:\Users\UCServiceAccount\Documents\Capture\capture.pcap
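
    Once the intermittent issue has finally occurred, only the ring-buffer files that cover it need to be kept and sent. The Python below is an added example (not ADTRAN or Wireshark code) that maps an incident time window to those files. It assumes dumpcap's ring-buffer naming of <name>_<sequence>_<YYYYMMDDHHMMSS>.pcap; the helper names and the sample listing are constructed for illustration.

```python
import re
from datetime import datetime

# Assumed dumpcap ring-buffer naming: <name>_<sequence>_<YYYYMMDDHHMMSS>.<ext>
RING_NAME = re.compile(r"^.+_(?P<seq>\d{5,})_(?P<ts>\d{14})\.(?:pcap|pcapng)$")

def parse_ring_files(names):
    """Return (sequence, start_time, name) tuples in capture order."""
    parsed = []
    for name in names:
        m = RING_NAME.match(name)
        if not m:
            continue  # not a ring-buffer file
        try:
            started = datetime.strptime(m.group("ts"), "%Y%m%d%H%M%S")
        except ValueError:
            continue  # 14 digits that are not a valid date and time
        parsed.append((int(m.group("seq")), started, name))
    return sorted(parsed)

def files_covering(names, incident_start, incident_end):
    """Names of the files whose capture window overlaps the incident.

    A file covers [its own start, the next file's start); the newest
    file is still being written, so its window is open-ended. Times are
    local time on the capture PC.
    """
    ring = parse_ring_files(names)
    hits = []
    for i, (_, started, name) in enumerate(ring):
        ended = ring[i + 1][1] if i + 1 < len(ring) else datetime.max
        if started <= incident_end and ended > incident_start:
            hits.append(name)
    return hits  # empty if no kept file covers it (e.g. already overwritten)

# Constructed directory listing (hypothetical file names).
SAMPLE = [
    "capture_00007_20240307091502.pcap",
    "capture_00008_20240307101847.pcap",
    "capture_00009_20240307112233.pcap",
    "capture_00010_20240307130105.pcap",
    "notes.txt",
]

if __name__ == "__main__":
    window = (datetime(2024, 3, 7, 10, 15), datetime(2024, 3, 7, 10, 20))
    for name in files_covering(SAMPLE, *window):
        print(name)
```

    An empty result means the ring buffer has already wrapped past the incident, which is the signal to raise the files: count or the filesize: value before the next attempt.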

     


     

     

     

     

     

    Uploading a Packet Capture to ADTRAN's FTP server

    If you are obtaining a capture for ADTRAN Technical Support, upload the capture to ftp://ftp.adtran.com/incoming/ using the instructions below and notify the Support Engineer with whom you’ve been working.

    1 - Open the Internet Explorer web browser on your PC.
    2 - Type the following URL: ftp://ftp.adtran.com
    3 - Press the Alt key, click View, and then click Open FTP Site in Windows Explorer.
    4 - Double-click the "Incoming" folder.
    5 - Drag and drop files from your PC into the Internet Explorer window.

    Note the exact filenames used so ADTRAN Technical Support can retrieve the files.