[VoiceOps] TCPDump on an Adtran TA908E

Brad Anouar Brad at broadcore.com
Thu Sep 22 18:53:51 EDT 2011

Hi Zak,

The following is the whole procedure on how to obtain and convert a packet capture to a pcap file.

>From the command line, we have the ability to look at every packet coming in and out of the router, along with the ability to limit that debug with an access-list. This is best done from a telnet or SSH session, as the console can drop some of the output due to a limited buffer size.

It is preferable to not have any other messages pop up that may interfere with the capture text. The events and any other debugs should be turned off before performing this debug. This can be done with the following commands:

Router# no events
Router# undebug all

The general command is:

<> = optional

Router# debug ip packet <access-list name> <detail / dump>

NOTE: It is not recommended to run this command without referencing an access-list.


To limit the traffic to and from a particular peer:

ip access-list extended test
  permit ip any host <IP in question>
  permit ip host <IP in question> any

For example:

ip access-list extended test
  permit udp host  any eq 5060

debug ip packet test detail
debug ip packet test dump


If you desire to see more than what 'detail' provides, choosing 'dump' will output the entire packet in text form. This can be copied to a text document and converted to an actual packet capture.

The program Wireshark (www.wireshark.org) comes with a utility known as Text2Pcap. Copy (text2pcap.exe) from the Wireshark folder to a root drive, as well as the text file. Run the following command from a DOS prompt:

text2pcap.exe -e 0x800 <Text Filename> <Capture Filename to Create (extension .pcap)>

The capture file can then be opened in Wireshark. If the unit is running a firewall, you will probably see every packet twice (once entering the firewall & once leaving, depending on the ACL you are using); the second may be after a NAT process if NAT is enabled.

If the traffic is across a VPN, the second packet will not be seen since it enters/leaves the router encapsulated in VPN.

Brad Anouar  | Anywhere (310) 360-2028 | Corporate (800) 942-4700 | www.broadcore.com<http://www.broadcore.com/>

From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Zak Rupas
Sent: Thursday, September 22, 2011 3:24 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] TCPDump on an Adtran TA908E

Does anyone know the TCP Dump commands for the Adtran TA908e CLI?

Zak Rupas
Tier 3 Engineer
Support: 303-242-8606 option 1
 Like SimpleSignal on Facebook<http://www.facebook.com/SimpleSignal> !
SimpleSignal Inc.
3600 S. Yosemite Street
Suite 150
Denver, CO  80237
[cid:image001.png at 01CC793F.D36EDB60]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110922/dcd6620a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 32330 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20110922/dcd6620a/attachment-0001.png>

More information about the VoiceOps mailing list