Reporting on DTLS-SRTP Statistics
The use of DTLS-SRTP generates specific traffic detail that you can review from the ESBC ACLI.
The show security command produces a wide array of security-related statistics, including DTLS-SRTP status and issues. The most applicable information associated with DTLS-SRTP operation presented by show security includes the following:
- show security dtls-srtp < all | realm_id >—Displays system-wide SRTP session counts. The show security command is covered in the Viewing ETC NIU Statistics section of the Maintenance and Troubleshooting Guide.
The show security dtls-srtp can provide system-wide or realm-specific statistics on DTLS-SRTP traffic, as shown below. When you run the command without any arguments, the system displays DTLS-SRTP status on each realm. The output below indicates that there are not any active sessions on either realm. When you add the all argument, the system displays traffic statistics for each realm. You can narrow this output by specifying realm_ID.
ORACLE# show security dtls-srtp
17:40:07 - 133
core Idle
peer Idle
ORACLE# show security dtls-srtp all
17:40:10 - 136 Realm = core
–----Lifetime----
Recent Total PerMax
Packets Recv 0 3 2
Handshake Complete 0 1 1
Handshake Error 0 0 0
Fingerprint Error 0 0 0
Timeout 0 0 0
UnsupportedSrtpProfile 0 0 0
KeyMaterialExportError 0 0 0
KeyApplyOnFlowError 0 0 0
InternalError 0 0 0
17:40:10 - 136 Realm = core
–----Lifetime----
Recent Total PerMax
Packets Recv 0 122 22
Handshake Complete 0 5 5
Handshake Error 0 0 0
Fingerprint Error 0 0 0
Timeout 0 0 0
UnsupportedSrtpProfile 0 0 0
KeyMaterialExportError 0 0 0
KeyApplyOnFlowError 0 0 0
InternalError 0 0 0In addition, the show datapath command can display statistics related to DTLS-SRTP. This command, however, is extremely complex and can produce sensitive and high overhead output. Oracle recommends you contact technical support for assistance with the show datapath command.