
Wireshark capture rtp packets on Cisco CUBE.

ulambaday
Level 1

Hello all,

 

 

We have this call flow and we are having an intermittent DTMF issue:

CUCM 10.5--->CUBE(10.1.1.10)--->AVAYA(10.1.1.11)--->PSTN

 

I am trying to capture RTP packets between CUBE and AVAYA. How can we capture RTP packets between 10.1.1.10 and 10.1.1.11?

 

I followed the steps below, and I can see traffic only from AVAYA to CUBE, and even then only SIP and TCP, not RTP.

 

Router(config)# access-list 140 permit ip host 32.55.55.32 any
Router(config)# access-list 140 permit ip any host 32.55.55.32

This ACL will capture all traffic to and from this IP address.

Next we need to enable the Cisco packet monitoring service:

Router# monitor capture buffer holdpackets

Now we can filter the monitored traffic by filtering it through our access-list:

Router# monitor capture buffer holdpackets filter access-list 140

Now we need to name our particular packet capture. I have called mine "testcap".

Router# monitor capture point ip cef testcap all both
Router# monitor capture point associate testcap holdpackets

Now we can start our capture!

Router# monitor capture point start testcap

Once you think you have acquired enough packets, to stop the capture, type:

Router# monitor capture point stop testcap

Now you can export your data to your TFTP server by typing in the following command. You can then open the .pcap file in Wireshark for viewing.

Router# monitor capture buffer holdpackets export tftp://10.0.0.55/testcap.pcap

Once uploaded you can clear your capture buffer by typing the following:

Router# no monitor capture buffer holdpackets

 

Any help is much appreciated.

 

 

Thanks!
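
Added example, not part of the original post: a stdlib-only Python check that reads an exported .pcap and counts RTP-looking UDP packets per direction and payload type between two hosts, so you can confirm whether any media (and any telephone-event DTMF) was captured between 10.1.1.10 and 10.1.1.11. The function names, the sample capture and payload type 101 for telephone-event are assumptions; the real payload type is whatever the SDP negotiated, and only untagged Ethernet captures are handled.

```python
import socket
import struct
from collections import Counter

DTMF_PT = 101  # assumption: telephone-event payload type; the real value comes from SDP

def rtp_summary(pcap, host_a, host_b):
    """Count RTP-looking UDP packets as (src, dst, payload_type) between two hosts."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"  # capture file byte order
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:  # assumption: Ethernet link type
        raise ValueError("unsupported link type")
    seen, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 42 or frame[12:14] != b"\x08\x00":  # need untagged IPv4 + UDP
            continue
        ip = frame[14:]
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        if ip[9] != 17 or {src, dst} != {host_a, host_b}:  # UDP between the two hosts
            continue
        rtp = ip[(ip[0] & 0x0F) * 4 + 8:]  # skip IP header and 8-byte UDP header
        if len(rtp) >= 12 and rtp[0] >> 6 == 2:  # heuristic only: RTP version field is 2
            seen[(src, dst, rtp[1] & 0x7F)] += 1
    return seen

def _frame(src, dst, proto, l4):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def _udp_rtp(pt):
    rtp = struct.pack("!BBHII", 0x80, pt, 1, 160, 0x1234) + b"\x00" * 4
    return struct.pack("!HHHH", 16384, 16386, 8 + len(rtp), 0) + rtp

def sample_pcap():
    """Constructed capture: 2 audio RTP, 1 telephone-event RTP, 1 TCP segment."""
    cube, avaya = "10.1.1.10", "10.1.1.11"
    frames = [_frame(cube, avaya, 17, _udp_rtp(0)), _frame(cube, avaya, 17, _udp_rtp(0)),
              _frame(avaya, cube, 17, _udp_rtp(DTMF_PT)),
              _frame(avaya, cube, 6, b"\x13\xc4\x13\xc4" + b"\x00" * 16)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst, pt), n in sorted(rtp_summary(sample_pcap(), "10.1.1.10", "10.1.1.11").items()):
        print(f"{src} -> {dst}  PT {pt}: {n} packet(s)")
```

To run it on a real export, pass `open("testcap.pcap", "rb").read()` instead of `sample_pcap()`; an empty result for one direction means no RTP-looking UDP from that side reached the capture buffer.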
