This document explains how to collect the packets being sent to and
from the network interface on a Cisco Unified Communications Manager 5.x/
There are no specific requirements for this document.
The information in this document is based on the Cisco Unified
Communications Manager 5.x/ 6.x/7.x.
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Technical Tips Conventions for more information on document
When you troubleshoot in Cisco Unified Communications Manager
5.x/6.x/7.x, it is sometimes necessary to collect the packets being sent to and
from the network interface on a Cisco Unified Communications Manager server.
This document describes the process in these four steps.
Start the Capture
Reproduce the Problem Symptom or
Stop the Capture
Collecting the Capture from the
In order to start the capture, establish a secure shell (SSH) session
to the Cisco Unified Communications Manager server, and authenticate with the
Platform Administrator account, as shown.
Enter the utils network capture command. The
utils network capture [options]
page,numeric,file fname,count num,size bytes,src addr,dest addr,port
num,host protocol addr
- pause output
numeric - show hosts as dotted IP
file fname - output the information to a file
Note: The file will be saved in platform/cli/fname.cap
fname should not contain the "." character
count num - a
count of the number of packets to capture
Note: The maximum count
for the screen is 1000, for a file is 100000
size bytes -
the number of bytes of the packet to capture
Note: The maximum
number of bytes for the screen is 128
For a file it can be
any number or ALL
src addr - the source address of the
packet as a host name or IPV4 address
dest addr - the
destination address of the packet as a host name or IPV4 address
num - the port number of the packet (either src or dest)
protocol addr - the protocol should be one of the following:
ip/arp/rarp/all. The host address of the packet as a host name or IPV4
address. This option will display all packets to and fro that address.
Note: If "host" is provided, do not provide "src" or "dest"
For a typical capture, to collect all packets of all sizes from and to
all addresses to a capture file called packets.cap, run the
utils network capture eth0 file packets count 100000 size
When you troubleshoot a communications issue with Cluster Manager, you
can use the port option in order to capture packets based on a specific port
When you troubleshoot an issue with Cisco Unified Communications
Manager and a particular host, you can use the host
option in order to filter for traffic to and from a particular host, as
While the capture runs, reproduce the problem symptom or condition so
that the necessary packets are included in the capture. If the problem is
intermittent, run the capture for an extended period. If the capture ends, it
is because the buffer is filled. Restart the capture and the previous capture
is automatically renamed so you do not lose the previous capture. If a capture
is needed for an extended period of time, it can be worthwhile to capture at
the network level through other means, such as through the use of a monitor
session on a switch.
In order to stop the capture, hold the Control key and
press C on the keyboard. This causes the capture process to
end and no new packets are added to the capture
The capture files are stored in the activelog
platform/cli/ location on the server. You can transfer the files through CLI to an SFTP server or
transfer the file to the local PC using the Real Time
Monitoring Tool (RTMT).
Use the file get activelog
platform/cli/packets.cap command in order to collect the
packets.cap file to the SFTP server. Alternatively, in order
to collect all .cap files stored on the server, you can use
the file get activelog platform/cli/*.cap command.
Finally, fill in the SFTP server IP/FQDN, port, username, password, and
The CLI indicates success or failure of the file transfer to your SFTP
Note: This option is not available to servers that run a Cisco Unified
Communications Manager 5.x version earlier than 5.1(1), or Cisco Unified
Communications Manager 6.x version earlier than 6.1(2). Refer to Cisco bug IDs
(registered customers only)
(registered customers only)
Complete these steps in order to transfer capture files to a local PC
with the Real Time Monitoring Tool (RTMT):
Launch the Real Time Monitoring Tool. Click System
> Trace & Log Central, then double click
Collect Files. Click Next through the first
In the second menu, check the Packet Capture Logs
checkbox on the server where you performed the capture, and then click
On the final screen, choose the time range when you performed the
capture and a download file directory on your local PC. Click
RTMT closes this window, proceeds to collect the file, and stores it
on your local PC in the specified location.