Page 2 of 4
Posted: 21 Jan 2010 09:43
by bigmac
Is there a TC that explains what all the elements in a t3 trace signify? This woudl be very useful
Posted: 21 Jan 2010 11:02
by Elandryl
keep in mind that i'm not sure of that :
" IE:[04] BEARER_CAPABILITY (l=3) 80 90 a3" mean we are using G711 compression.
I saw it during a case but i can't find it back ...
Posted: 22 Jan 2010 04:42
by alex
bigmac wrote:Is there a TC that explains what all the elements in a t3 trace signify? This woudl be very useful
There is no such TC available. Check
http://www.itu.int/ITU-T/publications/recs.html
.
Concerning your problem - t3 is not enough for H.323 tracing because call setup uses H.245 and H.225 which are not shown in t3 trace. So you'd better take wireshark trace of call and check with H.323 decoder.
Posted: 25 Jan 2010 07:12
by bigmac
Hi Alex to use wireshark I have to mirror the port the OXE is on and connect to my laptop to the mirrored port right?
Posted: 25 Jan 2010 08:30
by Elandryl
hi Bigmac,
You can do it directly form the OXE
Use the command tcpdump.
For the oxe the support recommand those options :
tcpdump -s 2000 -w <place to create file>
-s 2000 is for the packet size.
I usually put files into /tmpd, named it directly with the wireshark extension ".pcap"
After that get it with ftp and open it vith wireshark.
Use the -w option to put the tcpdump into a fil because if you don't wireshark can't open the traces.
Posted: 26 Jan 2010 02:52
by alex
bigmac wrote:Hi Alex to use wireshark I have to mirror the port the OXE is on and connect to my laptop to the mirrored port right?
Yes. To use a mirror port on the switch is the best way. But you should trace GD/INTIP port!
Posted: 26 Jan 2010 15:39
by bigmac
Elandryl wrote:hi Bigmac,
You can do it directly form the OXE
Use the command tcpdump.
For the oxe the support recommand those options :
tcpdump -s 2000 -w <place to create file>
-s 2000 is for the packet size.
I usually put files into /tmpd, named it directly with the wireshark extension ".pcap"
After that get it with ftp and open it vith wireshark.
Use the -w option to put the tcpdump into a fil because if you don't wireshark can't open the traces.
nice tip thanks
Posted: 01 Feb 2010 06:19
by bigmac
removed unhelpful data
Posted: 01 Feb 2010 07:43
by bigmac
mmm am I right in assuming using tcpdump if from CPU IP. is there a way to take a tcpdump from INT IP?
Posted: 01 Feb 2010 08:42
by alex
bigmac wrote:not sure if this is adding much light but I am not adept at analysing this anyway.
....l
Actually there are no H.323 messages in this trace at all.
bigmac wrote:mmm am I right in assuming using tcpdump if from CPU IP. is there a way to take a tcpdump from INT IP?
Looks like "tcpdump" is not available on GD/GA.