This document explains how to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager 5.x/ 6.x/7.x server.
There are no specific requirements for this document.
The information in this document is based on the Cisco Unified Communications Manager 5.x/ 6.x/7.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
When you troubleshoot in Cisco Unified Communications Manager 5.x/6.x/7.x, it is sometimes necessary to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager server. This document describes the process in these four steps.
Start the Capture
Reproduce the Problem Symptom or Condition
Stop the Capture
Collecting the Capture from the Server
In order to start the capture, establish a secure shell (SSH) session to the Cisco Unified Communications Manager server, and authenticate with the Platform Administrator account, as shown.
Enter the utils network capture command. The syntax is:
utils network capture [options]
page,numeric,file fname,count num,size bytes,src addr,dest addr,port
num,host protocol addr
- pause output
numeric - show hosts as dotted IP
file fname - output the information to a file
Note: The file will be saved in platform/cli/fname.cap
fname should not contain the "." character
count num - a
count of the number of packets to capture
Note: The maximum count
for the screen is 1000, for a file is 100000
size bytes -
the number of bytes of the packet to capture
Note: The maximum
number of bytes for the screen is 128
For a file it can be
any number or ALL
src addr - the source address of the
packet as a host name or IPV4 address
dest addr - the
destination address of the packet as a host name or IPV4 address
num - the port number of the packet (either src or dest)
protocol addr - the protocol should be one of the following:
ip/arp/rarp/all. The host address of the packet as a host name or IPV4
address. This option will display all packets to and fro that address.
Note: If "host" is provided, do not provide "src" or "dest"
For a typical capture, to collect all packets of all sizes from and to all addresses to a capture file called packets.cap, run the utils network capture eth0 file packets count 100000 size all command.
When you troubleshoot a communications issue with Cluster Manager, you can use the port option in order to capture packets based on a specific port (8500):
When you troubleshoot an issue with Cisco Unified Communications Manager and a particular host, you can use the host option in order to filter for traffic to and from a particular host, as shown:
While the capture runs, reproduce the problem symptom or condition so that the necessary packets are included in the capture. If the problem is intermittent, run the capture for an extended period. If the capture ends, it is because the buffer is filled. Restart the capture and the previous capture is automatically renamed so you do not lose the previous capture. If a capture is needed for an extended period of time, it can be worthwhile to capture at the network level through other means, such as through the use of a monitor session on a switch.
In order to stop the capture, hold the Control key and press C on the keyboard. This causes the capture process to end and no new packets are added to the capture dump.
The capture files are stored in the activelog platform/cli/ location on the server. You can transfer the files through CLI to an SFTP server or transfer the file to the local PC using the Real Time Monitoring Tool (RTMT).
Use the file get activelog platform/cli/packets.cap command in order to collect the packets.cap file to the SFTP server. Alternatively, in order to collect all .cap files stored on the server, you can use the file get activelog platform/cli/*.cap command. Finally, fill in the SFTP server IP/FQDN, port, username, password, and directory information:
The CLI indicates success or failure of the file transfer to your SFTP server.
Note: This option is not available to servers that run a Cisco Unified Communications Manager 5.x version earlier than 5.1(1), or Cisco Unified Communications Manager 6.x version earlier than 6.1(2). Refer to Cisco bug IDs CSCsg13820 (registered customers only) and CSCsm76349 (registered customers only) for details.
Complete these steps in order to transfer capture files to a local PC with the Real Time Monitoring Tool (RTMT):
Launch the Real Time Monitoring Tool. Click System > Trace & Log Central, then double click Collect Files. Click Next through the first menu.
In the second menu, check the Packet Capture Logs checkbox on the server where you performed the capture, and then click Next.
On the final screen, choose the time range when you performed the capture and a download file directory on your local PC. Click Finish.
RTMT closes this window, proceeds to collect the file, and stores it on your local PC in the specified location.