This article describes how to start a remote Wireshark trace on the XCC satellite to analyze network problems.
(This becomes relevant in case of voice connection problems, one-way voice communication, etc.).
Open Wireshark and click on the gear icon of the "SSH remote Captures".
(It is possible that this option is missing in your system, if so, you need to reinstall Wireshark and include "SSH remote capture" in the feature selection).
Once you have clicked on the gear, the following input mask will open.
Here you enter the IP of your XCC satellite and the remote SSH port "22":
Then switch to the "Authentication" tab.
Here you enter username ("root") and your password.
(The default satellite password is : A1111! if it has not already been changed when connecting to the Xphone server)
Next, go to the "Capture" tab.
Here please enter the remote interface of the satellite and a "capture command".
The remote interface is usually eth0 , but this may be different for you (please check this before you enter).
> this is possible e.g. with the Linus console command : " ip a ".
The capture command must also be entered individually, because different ports are used depending on the installation, but here is an example to illustrate the scheme:
/usr/sbin/tcpdump -U -w - 'port 5060 or port 5092 or port 4900 or port 4901 or portrange 30000-33000'
For explanation : (please adjust the ports depending on your installation / SIP GW to be traced)
Port 5060 and 5092 are the ports of the SIP trunks between TK and XCC (ports can be found in the SIP GW)
Port 4900 and 4901 are the ports of the loopback adapter (also found in the SIP GW)
Port 30000-33000 the portrange of the XCC
Now you can press the "Start" button, after a few seconds you should be able to see option pings in the trace.
If this is not the case, there is an error in the input (e.g. in the remote IP / remote interface or the capture command).
Note: As soon as the trace is stopped, it cannot be continued again without further ado.
To continue the trace, the password must be entered again in the "Authentication" tab.
Article is closed for comments.