cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2283
Views
18
Helpful
8
Replies

How to install Wireshark on CUCM 7.1 server ?

jackli123
Level 1
Level 1

Hi,

I have recently upgraded from Call Manager 4.1 Windows 2000 Server, to CUCM 7.1.3 Linux based system. It seems that the only way to communicate with the server is through a web page. Is there a way to access the CUCM 7.1 Linux prompt and install software directly, for example I would like to install Wireshark ?

Thank you,

Jack

8 Replies 8

William Bell
VIP Alumni
VIP Alumni

There is actually no need to do this. The CUCM server has a packet capturing tool available to you.

You can access the tool using "utils network capture". There are various command line arguments. If you wanted to capture to a file (for example) you could do something like:

admin: utils network capture file mycap count 100000 size all host all 10.3.2.21

Executing command with options:

size=all count=100000 interface=eth0

src= dest= port=

ip=10.3.2.21

This would create a file. When done, use "Ctrl-C" to stop the capture. You can then download the file to your workstation as follows:

admin:file get activelog platform/cli/mycap.cap

From there, load it into WireShark and have a ball.

I wrote up a blog on the procedures here:

http://www.netcraftsmen.net/resources/blogs/Cisco-Unified-Communication-Appliance-CLI-Power.html

Take a look and let me know if you have any questions.

HTH.

Regards,

Bill

Please remember to rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

William Bell
VIP Alumni
VIP Alumni

Oh. I guess I should also add that loading software on the CUCM appliance models (like 7.1) is not permitted by Cisco. So, there is no way to load WireShark. Sorry for the double response. Just though I would add that extra tidbit in.

HTH.

Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Thank you so much for your fast response. I followed your instructions on

the blob,

: file get activelog/cli/mycap.cap is not there, the command returns an

error that it cannot find the file.

try to search or tail the file with "file tail ...." and "file list ....", I

cannot find it.

It there a another way to see what is on the file system to see where my

file is.

Cheers!

On Tue, Apr 6, 2010 at 1:34 PM, wjbell-ncn <

Jack,

The syntax of your file get command is wrong. It should be:

admin:file get activelog platform/cli/mycap.cap

If you want to check to see if the capture file is there, then you can use the following command:

admin:file list activelog platform/cli/*.cap

Now, keep in mind that you have to create the capture file first by using the "utils network capture". You can specify filters, etc. To see the syntax of the command use:

admin:utils network capture ?

HTH.

Regards,

Bill

Please remember to rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

It works, thank you!

My capture was wrong, it didn't capture anything in the first place.

Cheers!

On Tue, Apr 6, 2010 at 3:17 PM, wjbell-ncn <

Excellent. Good news.

Please remember to rate helpful posts...

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Hi William,

I captured the traffic off the UCM, all I see is SIP traffic, there is no

RTP packets - where is the voice traffic and how is it carried from 1 phone

to the other.

Thanks!

On Tue, Apr 6, 2010 at 3:34 PM, wjbell-ncn <

With CUCM, the RTP traffic is streamed between the communicating endpoints. A CUCM node is never involved in a RTP stream unless it is being used as a MoH server, software conference bridge, software MTP, or Annunciator for a specific call. Annunciator and MoH would stream in one direction (CUCM to target end point (or mcast address)).

If you want to see the RTP traffic between two phones or between a phone and a gateway then you need to use SPAN or RSPAN. Further, your SPAN source needs to be on a network switch that physically transports at least a portion of the RTP streams (ideally, both sides of the stream).

HTH.

Regards,

Bill

please rate helpful posts.

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: