[VoiceOps] TCPDump on an Adtran TA908E
Brad Anouar
Brad at broadcore.com
Thu Sep 22 18:53:51 EDT 2011
Hi Zak,
The following is the whole procedure on how to obtain and convert a packet capture to a pcap file.
From the command line, we have the ability to look at every packet coming in and out of the router, along with the ability to limit that debug with an access-list. This is best done from a telnet or SSH session, as the console can drop some of the output due to a limited buffer size.
It is preferable to not have any other messages pop up that may interfere with the capture text. The events and any other debugs should be turned off before performing this debug. This can be done with the following commands:
Router# no events
Router# undebug all
The general command is:
<> = optional
Router# debug ip packet <access-list name> <detail / dump>
NOTE: It is not recommended to run this command without referencing an access-list.
---------------------------------------------------
To limit the traffic to and from a particular peer:
ip access-list extended test
permit ip any host <IP in question>
permit ip host <IP in question> any
For example:
ip access-list extended test
permit udp host 192.168.40.22 any eq 5060
debug ip packet test detail
debug ip packet test dump
---------------------------------------------------
If you desire to see more than what 'detail' provides, choosing 'dump' will output the entire packet in text form. This can be copied to a text document and converted to an actual packet capture.
The program Wireshark (www.wireshark.org) comes with a utility known as Text2Pcap. Copy (text2pcap.exe) from the Wireshark folder to a root drive, as well as the text file. Run the following command from a DOS prompt:
text2pcap.exe -e 0x800 <Text Filename> <Capture Filename to Create (extension .pcap)>
The capture file can then be opened in Wireshark. If the unit is running a firewall, you will probably see every packet twice (once entering the firewall & once leaving, depending on the ACL you are using); the second may be after a NAT process if NAT is enabled.
If the traffic is across a VPN, the second packet will not be seen since it enters/leaves the router encapsulated in VPN.
Brad Anouar | Anywhere (310) 360-2028 | Corporate (800) 942-4700 | www.broadcore.com<http://www.broadcore.com/>
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Zak Rupas
Sent: Thursday, September 22, 2011 3:24 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] TCPDump on an Adtran TA908E
Does anyone know the TCP Dump commands for the Adtran TA908e CLI?
Thanks-
Zak Rupas
Tier 3 Engineer
Support: 303-242-8606 option 1
Like SimpleSignal on Facebook<http://www.facebook.com/SimpleSignal> !
SimpleSignal Inc.
3600 S. Yosemite Street
Suite 150
Denver, CO 80237
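The conversion step described in the reply above, as an added Python example that is not part of the original message or of Wireshark: it parses a hex dump in text2pcap's input layout (hex offset followed by hex bytes) and prepends a dummy Ethernet header with EtherType 0x0800, which is what the `-e 0x800` option requests. The sample dump, the MAC addresses and the function names are constructed for illustration; the router's actual dump layout is not shown in the message and may differ.

```python
import re
import struct

# Constructed sample: two IPv4/UDP packets in text2pcap's input layout
# (hex offset, then hex bytes). Not real Adtran output.
SAMPLE = """\
constructed banner line, skipped by the parser
0000  45 00 00 20 00 01 00 00 40 11 a9 64 c0 a8 28 16
0010  c0 a8 28 01 13 c4 13 c4 00 0c 00 00 4f 50 54 49
0000  45 00 00 20 00 02 00 00 40 11 a9 63 c0 a8 28 16
0010  c0 a8 28 01 13 c4 13 c4 00 0c 00 00 4f 50 54 49
"""

# Hypothetical locally administered MACs for the dummy header (dst, src).
DUMMY_MACS = bytes.fromhex("020000000002") + bytes.fromhex("020000000001")


def parse_hexdump(text):
    """Split a hex dump into packets; offset 0 starts a new packet."""
    packets, current = [], bytearray()
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or not re.fullmatch(r"[0-9A-Fa-f]{3,8}", tokens[0]):
            continue  # not a dump line (debug banner, blank line, prompt)
        offset = int(tokens[0], 16)
        if offset == 0 and current:
            packets.append(bytes(current))
            current = bytearray()
        if offset != len(current):
            raise ValueError(f"dump truncated or interleaved near: {line!r}")
        for tok in tokens[1:]:
            if not re.fullmatch(r"[0-9A-Fa-f]{2}", tok):
                break  # trailing ASCII column, if any
            current.append(int(tok, 16))
    if current:
        packets.append(bytes(current))
    return packets


def to_pcap(packets, ethertype=0x0800):
    """Prepend a dummy Ethernet header to each packet and build a pcap file."""
    # Global header: magic, version 2.4, tz, sigfigs, snaplen, LINKTYPE_ETHERNET
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    eth = DUMMY_MACS + struct.pack("!H", ethertype)
    for n, payload in enumerate(packets):
        frame = eth + payload
        # Record header: fake timestamp (n seconds), captured and original length
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    with open("capture.pcap", "wb") as fh:
        fh.write(to_pcap(parse_hexdump(SAMPLE)))
```

The offset check raises an error when dump lines are missing or interleaved, which is the failure the reply warns about when capturing from the console instead of a telnet or SSH session.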