- Type this in on putty root logon
- tcpdump -s0 -i eth0 -w testsip.pcap .Useful examples
- eth0 is the NIC, if you have two NIC’s in your MBG then you may want to use eth1
- Start it running before making test call and stop it running after with “Control C”
- then sftp it with winsftp and open testsip.pcap in wireshark (my mirror –winscp517setup)
- Also on MCD 5.0 and above you can now do “Sip TCPDump on/off” in the maintanence commands
- This creates a file in the “vmail” directory on the mitel
- Ftp to the mitel which will put you in the “sysro” directory.
You need to go one directory up to get the the vmail directory
- Same logon to FTP as phone system
Note Gamma Tech Support number = 0808 178 8000 option 1, 1, 2
Update June 2021
The newer veisons of MBG have a useful feature that splits the wireshark capture in to managable file sizes
Here is an example of how to do the same via TCPDUMP on the older version of MBG that dont have this feature
I had a customer where they had 1000’s of phones connecting to 2 x MIVB with 2 x MBG SBC’s accross 10’s of sites
When they had a speech quality issue and i needed to prove the speech was poor before it got the MBGSBC i started a wireshark capture.
Of course the file got far to be far to quickly.
To try and remendy this i needed to filter the capture to only collect the packets going to the particular phone subnets
As well as the packets going ot he phone system so i could capture the signalling
tcpdump -n \(net 10.1.2.0/24 or net 10.1.36.0/24 or net 172.20.26.211\) -C 500 -W 20 -w sbc1.pcap -Z root
-n = do not look up DNS for the IP’s
net 10.1.2.0/24 = include all packets coming from and to that subnet
net 10.1.36.0/24 = include all packets coming from and to that subnet
net 172.20.26.211 = include all packets going to and from the phone system
-C 500 = file size limit
-W 20 = number of files to create before rolling over (Note the upper case)
-w sbc1.pcap = file name to write too (once the first file has reached 500mb the next file is created with a 01 appended)
-Z root = file permission ( you will get permission denied with out this)
This should collect all the RTP going through the MBGSBC as well as the SIP signalling to and from the MIVB
so you can still use wireshark to inspect and filter the captured file like i explained in these posts 1 2 3
Source web pages 1 2 3