[VoiceOps] TCPDump on an Adtran TA908E
Christian Pena
christian.pena at corp.earthlink.com
Fri Nov 9 16:05:38 EST 2012
Blast from the past!
I have tried to follow something very similar to this (didn't use an
access-list) on some Adtrans I have in the field. Some are 908Es, some
Netvantas 6300. When I do this, I can certainly see tons of data, can
convert it with text2pcap but not much I could identify as SIP when I know
there is SIP running through the box. Am using the Adtrans SIP proxy - not
sure if this has anything to do with it?
Anyone seen anything similar?
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Brad Anouar
Sent: Thursday, September 22, 2011 6:54 PM
To: 'Zak Rupas'; voiceops at voiceops.org
Subject: Re: [VoiceOps] TCPDump on an Adtran TA908E
Hi Zak,
The following is the whole procedure on how to obtain and convert a packet
capture to a pcap file.
>From the command line, we have the ability to look at every packet coming in
and out of the router, along with the ability to limit that debug with an
access-list. This is best done from a telnet or SSH session, as the console
can drop some of the output due to a limited buffer size.
It is preferable to not have any other messages pop up that may interfere
with the capture text. The events and any other debugs should be turned off
before performing this debug. This can be done with the following commands:
Router# no events
Router# undebug all
The general command is:
<> = optional
Router# debug ip packet <access-list name> <detail / dump>
NOTE: It is not recommended to run this command without referencing an
access-list.
---------------------------------------------------
To limit the traffic to and from a particular peer:
ip access-list extended test
permit ip any host <IP in question>
permit ip host <IP in question> any
For example:
ip access-list extended test
permit udp host 192.168.40.22 any eq 5060
debug ip packet test detail
debug ip packet test dump
---------------------------------------------------
If you desire to see more than what 'detail' provides, choosing 'dump' will
output the entire packet in text form. This can be copied to a text document
and converted to an actual packet capture.
The program Wireshark (www.wireshark.org) comes with a utility known as
Text2Pcap. Copy (text2pcap.exe) from the Wireshark folder to a root drive,
as well as the text file. Run the following command from a DOS prompt:
text2pcap.exe -e 0x800 <Text Filename> <Capture Filename to Create
(extension .pcap)>
The capture file can then be opened in Wireshark. If the unit is running a
firewall, you will probably see every packet twice (once entering the
firewall & once leaving, depending on the ACL you are using); the second may
be after a NAT process if NAT is enabled.
If the traffic is across a VPN, the second packet will not be seen since it
enters/leaves the router encapsulated in VPN.
Brad Anouar | Anywhere (310) 360-2028 | Corporate (800) 942-4700 |
<http://www.broadcore.com/> www.broadcore.com
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Zak Rupas
Sent: Thursday, September 22, 2011 3:24 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] TCPDump on an Adtran TA908E
Does anyone know the TCP Dump commands for the Adtran TA908e CLI?
Thanks-
Zak Rupas
Tier 3 Engineer
Support: 303-242-8606 option 1
Like SimpleSignal on <http://www.facebook.com/SimpleSignal> Facebook !
SimpleSignal Inc.
3600 S. Yosemite Street
Suite 150
Denver, CO 80237
Description: Description: Description: cid:image001.png at 01CBDE2D.5E1CC730
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/7d85d251/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 32330 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/7d85d251/attachment-0001.png>
More information about the VoiceOps
mailing list