Ever wondered how you’re supposed to get access to a customer switch to mirror the port your Server Edition is plugged into? Or, even harder, how to get access to the virtual server you’ve just installed Server Edition on to capture a Wireshark trace?
Carrying out in-depth troubleshooting of SIP and other IP communication to and from an Avaya IP Office Server Edition traditionally requires IT staff on site to set up a mirror port in the network switch. Thanks to Avaya and Wireshark, this process has now been made easy.
Did you know that Wireshark can be run from the command line and that Wireshark is preinstalled on Server Edition?
Here’s how to make the most of it.
1. First, open a PuTTY session, set up an SSH connection to the Server Edition, and log in using your Administrator username and password.
3. Now down to the good bit. First of all you’ll need to work out which interface you want to capture from. Enter ifconfig to determine which physical interface is associated with your LAN1 address. In our case, we can see eth0 is the interface we need.
4. Next, we need to confirm that Wireshark (or tshark, since we are using the command line) can see the interface. Enter tshark -D to list the available interfaces. In this case we want to capture from our LAN1 interface, which we know is eth0.
5. Now to get the capture happening! Enter tshark -i eth0 -b filesize:100 -a files:2 -w /tmp/capture.pcap. You will then see a counter for the number of packets being captured.
Let’s have a closer look at what’s going on here. First, tshark is our command line Wireshark. Following that we have some parameters:
-i sets the interface you want to capture from.
-b sets a maximum file size in KB; when a file reaches that size, tshark switches to a new one. This is handy for capturing intermittent faults where the trace needs to run for a while, but you don’t want to accidentally use all the hard drive space.
-a sets the number of files you want to capture before tshark stops automatically. In our case, we only want to capture 2. Again, this is handy for large traces as the bigger the file gets, the more RAM is used on the system.
-w sets the output directory and filename.
So in our example, we will capture 2 files of 100KB each from eth0 and write the capture to the /tmp directory with the filename capture.pcap. More detail on the parameters of tshark can be found here.
Let’s have a look at our files. Navigate to the tmp directory by entering cd /tmp. Now enter ls -al to view the directory contents and attributes. Remember, we wanted our files to be called capture.pcap; you can see that tshark automatically appends a file number and a date and time stamp to the name so we can tell them apart.
6. Now we need to get our freshly made captures back to our Windows PC to view them. But before we do, we need to change the owner of our files. Leaving them owned by root makes it really hard for anyone else to do anything with them, since the permissions shown mean that only root can access the files.
We want Administrator to own these files. To do this, enter chown Administrator:Administrator capture*.pcap. This changes the group and owner of all files starting with capture and ending in .pcap to Administrator. Enter ls -al to confirm.
7. Now on our Windows machine we open up WinSCP and connect to the system as Administrator using SFTP as the protocol.
Navigate to the tmp directory and copy the capture files to your hard drive. Try doing this without changing ownership of the file from root, I dare you!
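Steps 5 and 6 above, the size-limited capture and the ownership change, as one script. This is an added example, not something from the original post: it assumes it runs as root over the SSH session, that tshark is on the PATH, that the account used for WinSCP is called Administrator, and that IP Office is using the default SIP ports 5060 and 5061 for the optional capture filter.

```sh
#!/bin/sh
# Added example (not from the original post): runs the tshark capture from
# step 5 and the chown from step 6 together. Assumes root over SSH, tshark on
# the PATH, an "Administrator" account and the default SIP ports.
set -eu

IFACE=${IFACE:-eth0}           # interface found with ifconfig / tshark -D
SIZE_KB=${SIZE_KB:-100}        # -b filesize: switch files every SIZE_KB kB
NFILES=${NFILES:-2}            # -a files: stop after NFILES files
OUT=${OUT:-/tmp/capture.pcap}  # -w: output path; tshark appends seq no + timestamp
OWNER=${OWNER:-Administrator}  # account that will fetch the files with WinSCP

# Build the tshark command line from the post. An optional capture filter ($1)
# limits what is written, e.g. to SIP signalling, so the 100 kB files last longer.
capture_cmd() {
  filter=${1:-}
  cmd="tshark -i $IFACE -b filesize:$SIZE_KB -a files:$NFILES -w $OUT"
  if [ -n "$filter" ]; then
    cmd="$cmd -f '$filter'"
  fi
  printf '%s\n' "$cmd"
}

# For -w /tmp/capture.pcap tshark writes names such as
# /tmp/capture_00001_20240101120000.pcap; this glob matches all of them.
capture_glob() {
  dir=$(dirname "$OUT")
  base=$(basename "$OUT" .pcap)
  printf '%s/%s_*.pcap\n' "$dir" "$base"
}

# Run the capture, then hand the files to Administrator so SFTP can read them.
run_capture() {
  sh -c "$(capture_cmd "${1:-}")"
  chown "$OWNER:$OWNER" $(capture_glob)   # unquoted on purpose: expand the glob
  ls -al $(capture_glob)
}

# Only starts a real capture when asked, e.g.: RUN_CAPTURE=1 sh capture.sh
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
  run_capture "port 5060 or port 5061"   # SIP over UDP/TCP (5060) and TLS (5061)
fi
```

The capture files hold SIP registrations, including the credentials your phones send, so remove them from /tmp once they have been copied off the box.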
8. Now open one of the files in Wireshark. Here you can see my failed attempt to register Communicator from my PC to the IP Office: 403, fat finger!
Stuart Logan – Senior Systems Engineer
Stuart has over 10 years’ experience working on the Avaya IP Office product and is a Senior Systems Engineer in our Distribution Central Sydney office.
Whilst he admits he didn’t wake up one day with the burning desire to make phones ring, his decision to quit his job at KFC in New Zealand, to move to Australia and put his degree in Web Based Information Systems to good use, turned out to be a pretty good decision.
Have a question for Stuart that you’d like answering? Feel free to email Stuart at: firstname.lastname@example.org