http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a0080b36101.shtml
Should have solved my problem. Well it would, if it had worked. Whilst blaming Cisco for their faulty documentation I searched a little bit further and found a guide for the same topic regarding CUPS:
http://docwiki.cisco.com/wiki/Cisco_Unified_Presence,_Release_7.x_--_utils_network_capture_eth0_CLI_Command
The solution was to mix both documents to a working solution. So, lets see how it works:
We want to capture max 5000 Packets with max packet size of 1500 bytes from phone 172.20.23.222 to our CUCM. So we enter this in CUCM:
admin:utils network capture eth0 numeric file test count 5000 size 1500 host ip 172.20.23.222
Warning: existing test.cap was renamed test_7.cap
Executing command with options:
size=1500 count=5000 interface=eth0
src= dest= port=
ip=172.20.23.222
Control-C pressed
The warning is because of my previous failed attemts. I always entered the same line with test.cap as destination file. CUCM recognizes the existence of the file and renames it automatically to an appropriate syntax. After testing the function / provocating the problem I finished the capture via ctrl+c. Now lets verify if the file is where we expect it:
admin:file list activelog platform/cli/ detail
09 Aug,2011 01:59:35 6,336 test.cap
09 Aug,2011 01:18:49 111,488 test_1.cap
09 Aug,2011 01:41:16 12,482 test_2.cap
09 Aug,2011 01:42:45 37,540 test_3.cap
09 Aug,2011 01:43:23 6,062 test_4.cap
09 Aug,2011 01:47:14 6,348 test_5.cap
09 Aug,2011 01:53:11 4,688 test_6.cap
09 Aug,2011 01:59:09 7,338 test_7.cap
dir count = 0, file count = 8
Looks fine. So lets download the capturefile for further analysis. You need to setup a SFTP server on your laptop / pc and copy it to there. Btw. I had some problems with CoreFTP. Each try resulted in an "Invalid download directory specified" error. So I switched to FreeSSHd which worked fine:
admin:file get activelog platform/cli/test_7.cap
Please wait while the system is gathering files info ...done.
Sub-directories were not traversed.
Number of files affected: 1
Total size in Bytes: 7338
Total size in Kbytes: 7.1660156
Would you like to proceed [y/n]? y
SFTP server IP: 172.20.23.82
SFTP server port [22]:
User ID: cisco
Password: *****
Download directory: /
.
Transfer completed.
admin:
You can find other options in the links above (src / dst / port / etc. filtering).
Well thats it. Easy if you know how ...