Tuesday, August 9, 2011

Cisco CUCM Troubleshooting with CUCM Packet Capture

Today I had to troubleshoot a Cisco Unified Communications Manager 7.1.3 and the system logs didn't reveal the core of the problem. Next step would have been to place a Wireshark box somewhere in between the flow. But in this case that was not an option. So I remembered an article I had read here:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_tech_note09186a0080b36101.shtml
Should have solved my problem. Well it would, if it had worked. Whilst blaming Cisco for their faulty documentation I searched a little bit further and found a guide for the same topic regarding CUPS:
 http://docwiki.cisco.com/wiki/Cisco_Unified_Presence,_Release_7.x_--_utils_network_capture_eth0_CLI_Command
The solution was to mix both documents to a working solution. So, lets see how it works:
We want to capture max 5000 Packets with max packet size of 1500 bytes from phone 172.20.23.222 to our CUCM. So we enter this in CUCM:

admin:utils network capture eth0 numeric file test count 5000 size 1500 host ip 172.20.23.222
Warning: existing test.cap was renamed test_7.cap
Executing command with options:
 size=1500               count=5000              interface=eth0
 src=                    dest=                   port=
 ip=172.20.23.222

Control-C pressed

The warning is because of my previous failed attemts. I always entered the same line with test.cap as destination file. CUCM recognizes the existence of the file and renames it automatically to an appropriate syntax. After testing the function / provocating the problem I finished the capture via ctrl+c. Now lets verify if the file is where we expect it:

admin:file list  activelog platform/cli/ detail
09 Aug,2011 01:59:35        6,336  test.cap
09 Aug,2011 01:18:49      111,488  test_1.cap
09 Aug,2011 01:41:16       12,482  test_2.cap
09 Aug,2011 01:42:45       37,540  test_3.cap
09 Aug,2011 01:43:23        6,062  test_4.cap
09 Aug,2011 01:47:14        6,348  test_5.cap
09 Aug,2011 01:53:11        4,688  test_6.cap
09 Aug,2011 01:59:09        7,338  test_7.cap
dir count = 0, file count = 8

Looks fine. So lets download the capturefile for further analysis. You need to setup a SFTP server on your laptop / pc and copy it to there. Btw. I had some problems with CoreFTP. Each try resulted in an "Invalid download directory specified" error. So I switched to FreeSSHd which worked fine:

admin:file get activelog platform/cli/test_7.cap
Please wait while the system is gathering files info ...done.
Sub-directories were not traversed.
Number of files affected: 1
Total size in Bytes: 7338
Total size in Kbytes: 7.1660156
Would you like to proceed [y/n]? y
SFTP server IP: 172.20.23.82
SFTP server port [22]:
User ID: cisco
Password: *****

Download directory: /

.
Transfer completed.
admin:



You can find other options in the links above (src / dst / port / etc. filtering).
Well thats it. Easy if you know how ...

No comments: