Enabling SIP debug and retrieving a packet capture

Enabling SIP Debug

Retrieving a Packet Capture

1. Access the unit through SSH and in the command line set out the parameters of your packet capture by specifying the below in the command:

sudo tcpdump -i eth0 -n -s 0 port 5060 -vvv -w /home/capture_file_name.pcap

Options:

-i = interface you want to capture on, eth0, eth1, eth2, etc, you will want to do this on your public interface most likely.

-n = Do not convert ip addresses to names, prevents DNS lookups.

-s = How many bytes of data to grab from each packet, zero means use the required length to catch whole packets.

port = What port to listen to, 5060 is the default port for SIP.

-vvv = Even more, verbose output, this will give you as many details as possible.

-w = Write to a raw file to be parsed later.

Thereafter you will need to specify its location to capture to and an appropriate name. If you do not specify a location it will save to the current location you have access to.

Eg. sudo tcpdump -i eth0 -s0 -w tester786.pcap

In this time you would want to interact with the device of interface that you are looking to debug...

2. Press Ctrl +C to end the packet capture session

The session will end and display how many packets were captured.

3. Type: ls (if you have not specified a location), you will be able to see your captured file or pcap.

You will then be able to copy that file to you desktop with the scp function. Using Wireshark you will be able to open the file and debug or diagnose the transfer of packets across that specific interface.

Secure Copy (scp)

To execute a scp command in the terminal, set out the parameter as shown below:

scp /location/file_name username@xxx.xxx.xxx.xxx: /location_destination