Packet Trace

The Oracle Communications Session Border Controller's packet trace tool provides the user with the ability to capture traffic from the Oracle Communications Session Border Controller itself.

The user invokes the tool from the ACLI, manually specifying:

  • How to capture (local vs remote)
  • What to capture
  • Capture start and stop

There are two capture modes, one that saves traffic locally and one that mirrors traffic to a user-specified target. Software only deployments support local capture only. Proprietary Acme hardware deployments support both local and remote capture.

  • Local capture supports PCAP filters to specify the type of traffic to capture. Remote capture supports its own syntax to identify the traffic to mirror.
  • Local packet capture is dependent on access control configuration, not capturing any denied traffic. Remote capture mirrors traffic regardless of access control configuration.
  • The system does not capture RTP via local packet capture.
  • Running packet trace on a standby node is not supported.

Installed NIUs impact remote packet capture. Fragmented packets that ingress HIFNs or Cavium NIUs include only the outer header within the fragments. As a result, these traces do not appear to be using IPIP encapsulation. This differs from fragmented packets that ingress the Quad port GiGE and Copper PHY NIUs. These traces include inner and outer headers within the fragments.

Do not run packet-trace simultaneously with other Oracle Communications Session Border Controller replication features, such as LI, SRS, SIP Monitoring and Trace, and Call Recording. These features may interfere with each other, corrupting each's results.

The default packet trace filter uses the specified interface to capture both ingress and egress traffic. To specify captured traffic, you can append the command with a PCAP filter enclosed in quotes. PCAP filter syntax is widely published (e.g., via Oracle Linux man pages). The version of libpcap being used can be determined with the show platform components command.

Refer to Wireshark, tcpdump and Berkley Packet Filter (BPF) syntax and example resources as guidance for your capture filters:

https://wiki.wireshark.org/CaptureFilters

https://www.tcpdump.org/manpages/pcap-filter.7.html

http://biot.com/capstats/bpf.html

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents