Guest

Cisco Unified Communications Manager (CallManager)

Packet Capture on Unified Communications Manager Appliance Model

Document ID: 112040

Updated: Jun 23, 2010

   Print

Introduction

This document explains how to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager 5.x/ 6.x/7.x server.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the Cisco Unified Communications Manager 5.x/ 6.x/7.x.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Cisco Unified Communications Manager Packet Capture

When you troubleshoot in Cisco Unified Communications Manager 5.x/6.x/7.x, it is sometimes necessary to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager server. This document describes the process in these four steps.

  1. Start the Capture

  2. Reproduce the Problem Symptom or Condition

  3. Stop the Capture

  4. Collecting the Capture from the Server

Start the Capture

In order to start the capture, establish a secure shell (SSH) session to the Cisco Unified Communications Manager server, and authenticate with the Platform Administrator account, as shown.

packet-capture-cucm-01.gif

Enter the utils network capture command. The syntax is:

utils network capture [options]
options  optional   
page,numeric,file fname,count num,size bytes,src addr,dest addr,port
num,host protocol addr

 

options are:
page                
- pause output
numeric               - show hosts as dotted IP
addresses
file fname            - output the information to a file
  
Note: The file will be saved in platform/cli/fname.cap
         
fname should not contain the "." character
count num             - a
count of the number of packets to capture
    Note: The maximum count
for the screen is 1000, for a file is 100000
size bytes            -
the number of bytes of the packet to capture
    Note: The maximum
number of bytes for the screen is 128
          For a file it can be
any number or ALL
src addr              - the source address of the
packet as a host name or IPV4 address
dest addr             - the
destination address of the packet as a host name or IPV4 address
port
num              - the port number of the packet (either src or dest)
host
protocol addr    - the protocol should be one of the following:
ip/arp/rarp/all. The host address of the packet as a host name or IPV4
address. This option  will display all packets to and fro that address.
  
Note: If "host" is provided, do not provide "src" or "dest"

For a typical capture, to collect all packets of all sizes from and to all addresses to a capture file called packets.cap, run the utils network capture eth0 file packets count 100000 size all command.

packet-capture-cucm-02.gif

When you troubleshoot a communications issue with Cluster Manager, you can use the port option in order to capture packets based on a specific port (8500):

packet-capture-cucm-03.gif

When you troubleshoot an issue with Cisco Unified Communications Manager and a particular host, you can use the host option in order to filter for traffic to and from a particular host, as shown:

packet-capture-cucm-04.gif

Reproduce the Problem Symptom or Condition

While the capture runs, reproduce the problem symptom or condition so that the necessary packets are included in the capture. If the problem is intermittent, run the capture for an extended period. If the capture ends, it is because the buffer is filled. Restart the capture and the previous capture is automatically renamed so you do not lose the previous capture. If a capture is needed for an extended period of time, it can be worthwhile to capture at the network level through other means, such as through the use of a monitor session on a switch.

Stop the Capture

In order to stop the capture, hold the Control key and press C on the keyboard. This causes the capture process to end and no new packets are added to the capture dump.

packet-capture-cucm-05.gif

Collect the Capture from the Server

The capture files are stored in the activelog platform/cli/ location on the server. You can transfer the files through CLI to an SFTP server or transfer the file to the local PC using the Real Time Monitoring Tool (RTMT).

Transfer Files through the CLI to an SFTP Server

Use the file get activelog platform/cli/packets.cap command in order to collect the packets.cap file to the SFTP server. Alternatively, in order to collect all .cap files stored on the server, you can use the file get activelog platform/cli/*.cap command. Finally, fill in the SFTP server IP/FQDN, port, username, password, and directory information:

packet-capture-cucm-06.gif

The CLI indicates success or failure of the file transfer to your SFTP server.

Transfer Capture File to Local PC with the Real Time Monitoring Tool (RTMT)

Note: This option is not available to servers that run a Cisco Unified Communications Manager 5.x version earlier than 5.1(1), or Cisco Unified Communications Manager 6.x version earlier than 6.1(2). Refer to Cisco bug IDs CSCsg13820 (registered customers only) and CSCsm76349 (registered customers only) for details.

Complete these steps in order to transfer capture files to a local PC with the Real Time Monitoring Tool (RTMT):

  1. Launch the Real Time Monitoring Tool. Click System > Trace & Log Central, then double click Collect Files. Click Next through the first menu.

    packet-capture-cucm-07.gif

  2. In the second menu, check the Packet Capture Logs checkbox on the server where you performed the capture, and then click Next.

    packet-capture-cucm-08.gif

  3. On the final screen, choose the time range when you performed the capture and a download file directory on your local PC. Click Finish.

    packet-capture-cucm-09.gif

    RTMT closes this window, proceeds to collect the file, and stores it on your local PC in the specified location.

Related Information

Updated: Jun 23, 2010
Document ID: 112040