...
Warning |
---|
Do not remove the WinPcap driver when installing Wireshark. Otherwise, the system components relying on the WinPcap driver will not work anymore. |
Warning |
---|
Capturing on Recording Servers puts extra load on CPU and disk and can interfere with the recording process, which can lead to data loss under critical circumstances. Always consider the load of the packet capture on the Recording Servers and, if possible, capture only during non-busy hours. |
Tshark
Tshark is a high-performance packet capture application that is part of the Wireshark installation package. It is a command line tool for high-performance continuous capturing. It is useful when network traffic is high and/or capturing with Wireshark becomes unstable, and when tracing needs to be left on for a longer period of time (many hours or days).
Warning |
---|
Capturing on Recording Servers puts extra load on CPU and disk and can interfere with the recording process, which can lead to data loss under critical circumstances. Always consider the load of the packet capture on the Recording Servers and, if possible, capture only during non-busy hours. |
Examples
Get help:
Code Block |
---|
tshark -h |
...
Code Block |
---|
tcp.dstport==5060 or tcp.srcport==5060 |
...
Verba packet capture
...
The Verba Recording System comes with a built-in packet capture tool called Verba Packet Capture. This tool collects and stores network traffic without analyzing it or interfering with the recording progress. The Verba support and development team can resolve recording failures efficiently using the results of this tool, since raw traffic analysis allows our team to recreate failures in our environment. Verba , similar to Tshark. Verba Packet Capture creates standard PCAP files that can be opened by Ethereal or Wireshark.
You can get command line help by running the tool without parameters:
...
...
The following example captures traffic from interface 3 into traffic.pcap:
...
...
You can finish packet capturing by pressing CTRL+C.
Using verbacapture to document a fault
- Open a Windows command line: Start menu / Type 'cmd'
- Command: cd "C:\Program Files (x86)\Verba\bin"
- Command: verbacapture -i
- Identify the number of the port where you would like to capture (1,2,etc.)
- Command: verbacapture -c 3 traffic.pcap
  (in this example 3 was the 3rd port, and traffic.pcap is the name of the file where you want to store the traffic)
- Let the tool run, and make the necessary phone calls where you find a recording problem
- Stop the tool by pressing CTRL+C
When you submit the resulting PCAP file, also provide the phone numbers involved and the IP addresses of the phones, the PBX and the gateways involved in your test calls, so our team can understand the data quickly.
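A quick check to run on the capture before submitting it, as an added example that is not part of the Verba tooling or the original page: it reads a classic PCAP file and counts which IP pairs exchanged TCP traffic on port 5060, the port used in the display filter shown earlier on this page. It assumes an Ethernet, IPv4, non-pcapng capture; the function names and the sample packets (documentation addresses) are constructed for illustration.

```python
import struct
from collections import Counter

def sip_endpoints(pcap_bytes, port=5060):
    """Count (src_ip, dst_ip) pairs of TCP packets to or from `port`."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic PCAP file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (link type 1) are handled")
    pairs, offset = Counter(), 24            # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):    # 16-byte per-packet record header
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Ethernet II carrying IPv4; VLAN-tagged and IPv6 frames are skipped
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4             # IPv4 header length in bytes
        if ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:   # protocol 6 = TCP
            continue
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if port in (sport, dport):           # tcp.srcport==5060 or tcp.dstport==5060
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            pairs[(src, dst)] += 1
    return pairs

def build_frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet/IPv4 frame with a 20-byte transport header."""
    ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, proto, 0, 0]) + bytes(src) + bytes(dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + b"\x00" * 16

def build_pcap(frames):
    """Wrap frames in a little-endian classic PCAP container."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

PHONE, PBX = (192, 0, 2, 10), (192, 0, 2, 1)   # constructed documentation addresses
SAMPLE = build_pcap([
    build_frame(PHONE, PBX, 49152, 5060),
    build_frame(PBX, PHONE, 5060, 49152),
    build_frame(PHONE, PBX, 49152, 5060),
    build_frame(PHONE, (198, 51, 100, 7), 49153, 443),    # not port 5060
    build_frame(PHONE, PBX, 49154, 5060, proto=17),       # UDP, ignored by the TCP test
])

if __name__ == "__main__":
    print(dict(sip_endpoints(SAMPLE)))
```

To run it on a real capture, pass the file contents instead of the sample, for example `sip_endpoints(open("traffic.pcap", "rb").read())`; an empty result means no TCP port 5060 traffic was seen on the captured interface.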
...
The tool is especially useful when troubleshooting proxy-based recording issues because it can take into account the recorder settings and connect to the same proxies as a redundant/2N recorder pair of the recorder. That way it receives exactly the same traffic as the recorder service. The tool should be run on the servers where the Passive Recorder service runs.