Monday, July 02, 2012

Packet capture via Cisco CUCM, UCCX, etc. interface

Had an issue where monitoring calls via Cisco Supervisor Desktop was failing when the UCCX server was used as the monitoring server (rather than using the CAD client in desktop monitoring mode).  Setting the switch's monitor destination to my laptop like the UCCX port configuration and using Wireshark as the capture tool showed plenty of interesting traffic, but I didn't seem to be able to retrieve the same from the UCCX server.  Capturing the traffic that UCCX itself "heard" would be helpful.

To capture packets on a CUCM, UCCX, etc. ethernet interface you can run the following from the server command line:

utils network capture size ALL count 10000 file capx

- utils network capture starts the capture on the server's eth0 port
- size ALL indicates no maximum number of bytes of the packet has been set
- count 10000 indicates the number of packets to capture
- file capx defines capx as the file name where the capture will be written too

Once you enter the command, you stop the capture by pressing CTRL+c at command line.

The capture can then be retrieved via RTMT on the second page of the collect files option, and can be opened and analyzed in Wireshark.

NOTE: I never had much of a problem with this command but have been warned it can be business impacting!