[VoiceOps] TCPDump on an Adtran TA908E

Pena, Christian Christian.Pena at corp.earthlink.com
Fri Nov 9 18:05:49 EST 2012 

Yes I can.I just ran them in parallel - 'debug sip stack message' on one
vty session and 'debug ip packet dump' on another and messages gathered
on the sip debug are missing from the IP debug. 

 

Even tried to look at the raw text file for call-ids and such and they
are not there. 

 

*scratches head* 

 

Not sure whats up here. Only thing I could think was that the Adtran
proxy was doing something funky. 

 

Christian Pena | Engineering
EarthLink Business 
www.earthlinkbusiness.com <http://www.earthlinkbusiness.com/> 


E: christian.pena at corp.earthlink.com

O: 786-363-0460 | F: 786-363-0206

 

From: Zak Rupas [mailto:zak at simplesignal.com] 
Sent: Friday, November 09, 2012 4:30 PM
To: Pena, Christian; Brad Anouar; voiceops at voiceops.org
Subject: RE: [VoiceOps] TCPDump on an Adtran TA908E

 

Christian

Sorry I have not seen something similar. I personally was able to use
the below steps and get a working pcap for wirewhark. Can you see SIP
messaging when you run a normal debug on the Adtran in the CLI?

 

Thanks-

Zak Rupas | Tier 3 Engineer

 

Support Line 303-242-8616 Option 1

www.simplesignal.com <http://www.simplesignal.com/> 

 

From: Christian Pena [mailto:christian.pena at corp.earthlink.com] 
Sent: Friday, November 09, 2012 2:06 PM
To: 'Brad Anouar'; 'Zak Rupas'; voiceops at voiceops.org
Subject: RE: [VoiceOps] TCPDump on an Adtran TA908E

 

Blast from the past!

 

I have tried to follow something very similar to this (didn't use an
access-list) on some Adtrans I have in the field. Some are 908Es, some
Netvantas 6300. When I do this, I can certainly see tons of data, can
convert it with text2pcap but not much I could identify as SIP when I
know there is SIP running through the box. Am using the Adtrans SIP
proxy - not sure if this has anything to do with it? 

 

Anyone seen anything similar? 

 

From: voiceops-bounces at voiceops.org [
mailto:voiceops-bounces at voiceops.org] On Behalf Of Brad Anouar
Sent: Thursday, September 22, 2011 6:54 PM
To: 'Zak Rupas'; voiceops at voiceops.org
Subject: Re: [VoiceOps] TCPDump on an Adtran TA908E

 

Hi Zak,

 

The following is the whole procedure on how to obtain and convert a
packet capture to a pcap file.

 

 

>From the command line, we have the ability to look at every packet
coming in and out of the router, along with the ability to limit that
debug with an access-list. This is best done from a telnet or SSH
session, as the console can drop some of the output due to a limited
buffer size.

 

It is preferable to not have any other messages pop up that may
interfere with the capture text. The events and any other debugs should
be turned off before performing this debug. This can be done with the
following commands:

 

Router# no events

Router# undebug all

 

The general command is:

 

<> = optional

 

Router# debug ip packet <access-list name> <detail / dump>

 

NOTE: It is not recommended to run this command without referencing an
access-list.

 

---------------------------------------------------

 

To limit the traffic to and from a particular peer:

 

ip access-list extended test

  permit ip any host <IP in question>

  permit ip host <IP in question> any

 

For example:

 

ip access-list extended test

  permit udp host 192.168.40.22  any eq 5060

 

 

debug ip packet test detail

debug ip packet test dump

 

---------------------------------------------------

 

If you desire to see more than what 'detail' provides, choosing 'dump'
will output the entire packet in text form. This can be copied to a text
document and converted to an actual packet capture.

 

The program Wireshark (www.wireshark.org) comes with a utility known as
Text2Pcap. Copy (text2pcap.exe) from the Wireshark folder to a root
drive, as well as the text file. Run the following command from a DOS
prompt:

 

text2pcap.exe -e 0x800 <Text Filename> <Capture Filename to Create
(extension .pcap)>

 

The capture file can then be opened in Wireshark. If the unit is running
a firewall, you will probably see every packet twice (once entering the
firewall & once leaving, depending on the ACL you are using); the second
may be after a NAT process if NAT is enabled.

 

If the traffic is across a VPN, the second packet will not be seen since
it enters/leaves the router encapsulated in VPN.

 

Brad Anouar  | Anywhere (310) 360-2028 | Corporate (800) 942-4700 | 
www.broadcore.com <http://www.broadcore.com/> 

 

From: voiceops-bounces at voiceops.org [
mailto:voiceops-bounces at voiceops.org] On Behalf Of Zak Rupas
Sent: Thursday, September 22, 2011 3:24 PM
To: voiceops at voiceops.org
Subject: [VoiceOps] TCPDump on an Adtran TA908E

 

Does anyone know the TCP Dump commands for the Adtran TA908e CLI?

 

Thanks-

Zak Rupas

Tier 3 Engineer

Support: 303-242-8606 option 1

 Like SimpleSignal on Facebook <http://www.facebook.com/SimpleSignal>  !

SimpleSignal Inc.

3600 S. Yosemite Street

Suite 150

Denver, CO  80237



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/e51fbebe/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 32330 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20121109/e51fbebe/attachment-0001.png>

More information about the VoiceOps mailing list