OXE to Cisco IP trunk

bigmac · Post by **bigmac** » 21 Jan 2010 09:43

Is there a TC that explains what all the elements in a t3 trace signify? This woudl be very useful

Elandryl · Post by **Elandryl** » 21 Jan 2010 11:02

keep in mind that i'm not sure of that :
" IE:[04] BEARER_CAPABILITY (l=3) 80 90 a3" mean we are using G711 compression.

I saw it during a case but i can't find it back ...

alex · Post by **alex** » 22 Jan 2010 04:42

bigmac wrote:Is there a TC that explains what all the elements in a t3 trace signify? This woudl be very useful

There is no such TC available. Check http://www.itu.int/ITU-T/publications/recs.html

.
Concerning your problem - t3 is not enough for H.323 tracing because call setup uses H.245 and H.225 which are not shown in t3 trace. So you'd better take wireshark trace of call and check with H.323 decoder.

bigmac · Post by **bigmac** » 25 Jan 2010 07:12

Hi Alex to use wireshark I have to mirror the port the OXE is on and connect to my laptop to the mirrored port right?

Elandryl · Post by **Elandryl** » 25 Jan 2010 08:30

hi Bigmac,

You can do it directly form the OXE
Use the command tcpdump.

For the oxe the support recommand those options :

tcpdump -s 2000 -w <place to create file>

-s 2000 is for the packet size.

I usually put files into /tmpd, named it directly with the wireshark extension ".pcap"

After that get it with ftp and open it vith wireshark.
Use the -w option to put the tcpdump into a fil because if you don't wireshark can't open the traces.

alex · Post by **alex** » 26 Jan 2010 02:52

bigmac wrote:Hi Alex to use wireshark I have to mirror the port the OXE is on and connect to my laptop to the mirrored port right?

Yes. To use a mirror port on the switch is the best way. But you should trace GD/INTIP port!

bigmac · Post by **bigmac** » 26 Jan 2010 15:39

Elandryl wrote:hi Bigmac,

You can do it directly form the OXE
Use the command tcpdump.

For the oxe the support recommand those options :

tcpdump -s 2000 -w <place to create file>

-s 2000 is for the packet size.

I usually put files into /tmpd, named it directly with the wireshark extension ".pcap"

After that get it with ftp and open it vith wireshark.
Use the -w option to put the tcpdump into a fil because if you don't wireshark can't open the traces.

nice tip thanks

bigmac · Post by **bigmac** » 01 Feb 2010 06:19

removed unhelpful data

bigmac · Post by **bigmac** » 01 Feb 2010 07:43

mmm am I right in assuming using tcpdump if from CPU IP. is there a way to take a tcpdump from INT IP?

alex · Post by **alex** » 01 Feb 2010 08:42

bigmac wrote:not sure if this is adding much light but I am not adept at analysing this anyway.

....l

Actually there are no H.323 messages in this trace at all.

bigmac wrote:mmm am I right in assuming using tcpdump if from CPU IP. is there a way to take a tcpdump from INT IP?

Looks like "tcpdump" is not available on GD/GA.