Packet Capture; Capturing Packets For An Individual Ssl Connection - ShoreTel VPN Concentrator 4500 Installation And Configuration Manual


Chapter 4: Tools and Troubleshooting

4.1.4 Packet Capture

The packet capture capability can be used to capture packets and analyze them for debugging
purposes. This capability is only available through the CLI. Packets can be filtered for capture
on the basis of host, port, interface, etc. The captured packets are stored in a file on a RAM
disk in the VPN Concentrator with the extension "pcap". Packets can be captured on eth0
(LAN port), eth1 (WAN port), and pppX (where X is a positive integer). pppX is the interface
that is associated with a remote phone.
4.1.4.1 Capturing Packets for an Individual SSL Connection

Packets need to be captured on eth0, eth1, and pppN (where N is a positive integer) for an
individual SSL connection. Take the following steps to capture the packets for a given
SSL VPN connection:
1. Identify the PPP session associated with a given phone by obtaining the IP address
of the phone from "Active Sessions" by using its MAC address. Once the IP
address of the phone has been identified, use the "ifconfig" command to find
the PPP interface that has the phone's IP address.
2. Create the disk space to store the captured information by issuing the following
command: "mount -t tmpfs tmpfs /etc/images -o size=8m"
3. Capture the packets on eth0, eth1, and ppp0 (assuming that ppp0 has the same IP
address as the phone) by using the following command: "tcpdump -s 0 -ni ppp0 -w
/etc/images/PPP0.pcap & tcpdump -s 0 -ni eth0 host <private IP of Phone> -w
/etc/images/ETH0.pcap & tcpdump -s 0 -ni eth1 host <WAN public IP address> -w
/etc/images/ETH1.pcap"
4. Next, stop the packet capture by issuing the following command: "killall tcpdump"
5. FTP the captured file "/etc/images/ETH1.pcap" to a remote server so that it can be
viewed by a program like "wireshark" or sent to the ShoreTel support team for analysis.
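Steps 1 and 3 above, as an added example that is not part of the ShoreTel manual: a shell helper that finds the pppN interface carrying a phone's IP address in "ifconfig" output and prints the step 3 command line for that interface instead of assuming ppp0. It assumes the older net-tools "ifconfig" layout ("inet addr:" and "P-t-P:" fields); the function names, the sample output, the addresses, and the PPPn.pcap file name for interfaces other than ppp0 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the manual. Assumes net-tools style ifconfig output.

# find_ppp_if PHONE_IP: reads ifconfig output on stdin and prints the pppN
# interface whose local (addr) or peer (P-t-P) address equals PHONE_IP exactly.
# Exits non-zero when no PPP interface carries that address.
find_ppp_if() {
    awk -v ip="$1" '
        /^[^ \t]/ { ifname = $1 }   # an unindented line starts an interface block
        ifname ~ /^ppp[0-9]+$/ {
            for (i = 1; i <= NF; i++) {
                n = split($i, kv, ":")
                if (n == 2 && (kv[1] == "addr" || kv[1] == "P-t-P") && kv[2] == ip) {
                    print ifname; found = 1; exit
                }
            }
        }
        END { exit !found }'
}

# capture_cmd PPP_IF PHONE_PRIVATE_IP WAN_PUBLIC_IP: prints (does not run) the
# step 3 command line. The PPPn.pcap name mirrors PPP0.pcap (assumption).
capture_cmd() {
    upper=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    printf 'tcpdump -s 0 -ni %s -w /etc/images/%s.pcap & ' "$1" "$upper"
    printf 'tcpdump -s 0 -ni eth0 host %s -w /etc/images/ETH0.pcap & ' "$2"
    printf 'tcpdump -s 0 -ni eth1 host %s -w /etc/images/ETH1.pcap\n' "$3"
}

# Constructed sample of ifconfig output (documentation addresses only).
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.1  P-t-P:10.0.0.2  Mask:255.255.255.255

ppp1      Link encap:Point-to-Point Protocol
          inet addr:10.0.0.1  P-t-P:10.0.0.23  Mask:255.255.255.255'

# Demo on the constructed sample: the phone at 10.0.0.23 is on ppp1, not ppp0.
# The exact match keeps 10.0.0.2 from matching 10.0.0.23.
if iface=$(printf '%s\n' "$SAMPLE_IFCONFIG" | find_ppp_if 10.0.0.23); then
    capture_cmd "$iface" 10.0.0.23 203.0.113.10
else
    echo "no PPP interface has that address" >&2
fi
```

On the device, pipe the real "ifconfig" output into find_ppp_if in place of the sample.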


This manual is also suitable for:

VPN Concentrator 5300
