Document ID: 112040 |
FeedbackIntroduction
This document explains how to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager 5.x/ 6.x/7.x server.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
The information in this document is based on the Cisco Unified Communications Manager 5.x/ 6.x/7.x.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Cisco Unified Communications Manager Packet Capture
When you troubleshoot in Cisco Unified Communications Manager 5.x/6.x/7.x, it is sometimes necessary to collect the packets being sent to and from the network interface on a Cisco Unified Communications Manager server. This document describes the process in these four steps.
Start the Capture
In order to start the capture, establish a secure shell (SSH) session to the Cisco Unified Communications Manager server, and authenticate with the Platform Administrator account, as shown.
Enter the utils network capture command. The syntax is:
utils network capture [options]
options optional
page,numeric,file fname,count num,size bytes,src addr,dest addr,port
num,host protocol addr
options are:
page
- pause output
numeric - show hosts as dotted IP
addresses
file fname - output the information to a file
Note: The file will be saved in platform/cli/fname.cap
fname should not contain the "." character
count num - a
count of the number of packets to capture
Note: The maximum count
for the screen is 1000, for a file is 100000
size bytes -
the number of bytes of the packet to capture
Note: The maximum
number of bytes for the screen is 128
For a file it can be
any number or ALL
src addr - the source address of the
packet as a host name or IPV4 address
dest addr - the
destination address of the packet as a host name or IPV4 address
port
num - the port number of the packet (either src or dest)
host
protocol addr - the protocol should be one of the following:
ip/arp/rarp/all. The host address of the packet as a host name or IPV4
address. This option will display all packets to and fro that address.
Note: If "host" is provided, do not provide "src" or "dest"
For a typical capture, to collect all packets of all sizes from and to all addresses to a capture file called packets.cap, run the utils network capture eth0 file packets count 100000 size all command.
When you troubleshoot a communications issue with Cluster Manager, you can use the port option in order to capture packets based on a specific port (8500):
When you troubleshoot an issue with Cisco Unified Communications Manager and a particular host, you can use the host option in order to filter for traffic to and from a particular host, as shown:
Reproduce the Problem Symptom or Condition
While the capture runs, reproduce the problem symptom or condition so that the necessary packets are included in the capture. If the problem is intermittent, run the capture for an extended period. If the capture ends, it is because the buffer is filled. Restart the capture and the previous capture is automatically renamed so you do not lose the previous capture. If a capture is needed for an extended period of time, it can be worthwhile to capture at the network level through other means, such as through the use of a monitor session on a switch.
Stop the Capture
In order to stop the capture, hold the Control key and press C on the keyboard. This causes the capture process to end and no new packets are added to the capture dump.
Collect the Capture from the Server
The capture files are stored in the activelog platform/cli/ location on the server. You can transfer the files through CLI to an SFTP server or transfer the file to the local PC using the Real Time Monitoring Tool (RTMT).
Transfer Files through the CLI to an SFTP Server
Use the file get activelog platform/cli/packets.cap command in order to collect the packets.cap file to the SFTP server. Alternatively, in order to collect all .cap files stored on the server, you can use the file get activelog platform/cli/*.cap command. Finally, fill in the SFTP server IP/FQDN, port, username, password, and directory information:
The CLI indicates success or failure of the file transfer to your SFTP server.
Transfer Capture File to Local PC with the Real Time Monitoring Tool (RTMT)
Note: This option is not available to servers that run a Cisco Unified Communications Manager 5.x version earlier than 5.1(1), or Cisco Unified Communications Manager 6.x version earlier than 6.1(2). Refer to Cisco bug IDs CSCsg13820 (registered customers only) and CSCsm76349 (registered customers only) for details.
Complete these steps in order to transfer capture files to a local PC with the Real Time Monitoring Tool (RTMT):
-
Launch the Real Time Monitoring Tool. Click System > Trace & Log Central, then double click Collect Files. Click Next through the first menu.
-
In the second menu, check the Packet Capture Logs checkbox on the server where you performed the capture, and then click Next.
-
On the final screen, choose the time range when you performed the capture and a download file directory on your local PC. Click Finish.
RTMT closes this window, proceeds to collect the file, and stores it on your local PC in the specified location.
Cisco Support Community - Featured Conversations
Related Information
- Voice Technology Support
- Voice and Unified Communications Product Support
- Technical Support & Documentation - Cisco Systems
| Updated: Jun 23, 2010 | Document ID: 112040 |