Sunday, April 19, 2015

Packet Capture on Cisco CUBE

The following packet capture was performed on a Cisco 3925 router, running the CUBE platform with IOS ver 15.x:


Router(config)#ip traffic-export profile TAC mode capture

Router(conf-rite)#bidirectional

Router(conf-rite)#end

Router(config)#interface Port-channel1  <<< this may be different for you

Router(config-if)#ip traffic-export apply TAC size 10000000

Router(config-if)#end

-- leave the above code on the device, you can start and stop as desired --

-- do this to start a capture --

Router#traffic-export interface Port-channel1 start

<-MAKE CALL->

-- do this to stop the capture --

Router#traffic-export interface Port-channel1 stop

Router#traffic-export interface Port-channel1 copy tftp://<TFTP-Server-IP>/tac-sniffer.pcap

Router#traffic-export interface Port-channel1 clear

-- remember to do the clear each time, or the capture will append to the .pcap and not overwrite --

 
Also, to gather call information about call legs involved run these commands:

Run this to find call IDs (legs will be 1 port number apart):

Router#show call active voice compact

Then run this command for each call ID:

show call active voice brief callid <x>

show call active voice brief callid <x+1>

If you want to listen to the voice stream in Wireshark (G711) follow the instructions below. (For G729, use this link: https://wiki.wireshark.org/HowToDecodeG729)


Open the capture in Wireshark.

Right-click the UDP stream and decode as RTP.

Choose Telephony> RTP> Stream Analysis> Player> Decode>

Click in the graph area> Play.

User's also viewed these links:
cisco cube debugging and show commands
  


No comments:

Post a Comment