[VoiceOps] TCPDump on an Adtran TA908E

Christian Pena christian.pena at corp.earthlink.com
Fri Nov 9 16:05:38 EST 2012

Blast from the past!


I have tried to follow something very similar to this (didn't use an
access-list) on some Adtrans I have in the field. Some are 908Es, some
Netvantas 6300. When I do this, I can certainly see tons of data, can
convert it with text2pcap but not much I could identify as SIP when I know
there is SIP running through the box. Am using the Adtrans SIP proxy - not
sure if this has anything to do with it? 


Anyone seen anything similar? 


From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Brad Anouar
Sent: Thursday, September 22, 2011 6:54 PM
To: 'Zak Rupas'; voiceops at voiceops.org
Subject: Re: [VoiceOps] TCPDump on an Adtran TA908E


Hi Zak,


The following is the whole procedure on how to obtain and convert a packet
capture to a pcap file.



>From the command line, we have the ability to look at every packet coming in
and out of the router, along with the ability to limit that debug with an
access-list. This is best done from a telnet or SSH session, as the console
can drop some of the output due to a limited buffer size.


It is preferable to not have any other messages pop up that may interfere
with the capture text. The events and any other debugs should be turned off
before performing this debug. This can be done with the following commands:


Router# no events

Router# undebug all


The general command is:


<> = optional


Router# debug ip packet <access-list name> <detail / dump>


NOTE: It is not recommended to run this command without referencing an




To limit the traffic to and from a particular peer:


ip access-list extended test

  permit ip any host <IP in question>

  permit ip host <IP in question> any


For example:


ip access-list extended test

  permit udp host  any eq 5060



debug ip packet test detail

debug ip packet test dump




If you desire to see more than what 'detail' provides, choosing 'dump' will
output the entire packet in text form. This can be copied to a text document
and converted to an actual packet capture.


The program Wireshark (www.wireshark.org) comes with a utility known as
Text2Pcap. Copy (text2pcap.exe) from the Wireshark folder to a root drive,
as well as the text file. Run the following command from a DOS prompt:


text2pcap.exe -e 0x800 <Text Filename> <Capture Filename to Create
(extension .pcap)>


The capture file can then be opened in Wireshark. If the unit is running a
firewall, you will probably see every packet twice (once entering the
firewall & once leaving, depending on the ACL you are using); the second may
be after a NAT process if NAT is enabled.


If the traffic is across a VPN, the second packet will not be seen since it
enters/leaves the router encapsulated in VPN.


Brad Anouar  | Anywhere (310) 360-2028 | Corporate (800) 942-4700 |
<http://www.broadcore.com/> www.broadcore.com


From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org]
On Behalf Of Zak Rupas
Sent: Thursday, September 22, 2011 3:24 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] TCPDump on an Adtran TA908E


Does anyone know the TCP Dump commands for the Adtran TA908e CLI?



Zak Rupas

Tier 3 Engineer

Support: 303-242-8606 option 1

 Like SimpleSignal on  <http://www.facebook.com/SimpleSignal> Facebook !

SimpleSignal Inc.

3600 S. Yosemite Street

Suite 150

Denver, CO  80237

Description: Description: Description: cid:image001.png at 01CBDE2D.5E1CC730


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/7d85d251/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 32330 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/7d85d251/attachment-0001.png>

More information about the VoiceOps mailing list