CUCM CLI packet capture - how to limit to a network (vs host)

joe.loiacono · ‎01-25-2016

Hello,

Trying to do a packet capture that limits itself to a /24 network instead of an individual host, or everything. For example:

utils network capture eth0 ip src 10.76.62.0 mask 255.255.255.0

Unfortunately this does not capture any packets at all.

Is it possible to capture anything between a single host and everything?

Thank you,

Joe Loiacono

Deepak Rawat · ‎01-25-2016

How about capturing everything using below command and then filter it according to the source/destination IP, protocol etc in the Wireshark itself:

utils network capture eth0 file packets count 1000000 size all

Regards

Deepak

joe.loiacono · ‎01-25-2016

That is what I have been doing. However it limits the length of the capture window to 7 minutes (based on the 100000 limit for packets). I see you set that limit to 1,000,000 but I didn't think that was possible.

Even if it is possible, I'm concerned that the subscriber would be affected poorly by doing a full packet capture for 70 minutes while it was also trying to do its normal operational activities. And who knows the size of the file too?

However, if you've had experience doing this without significant impact, perhaps I can try it.

Thanks,

Joe

Deepak Rawat · ‎01-25-2016

Got you, try below command and this will capture all the traffic "to" and "from" for a particular host

"utils network capture eth0 file packets count 100000 size all host ip 10.1.1.1"

Regards

Deepak

joe.loiacono · ‎01-25-2016

Yes, I'm familiar with that one also. The challenge for me is to capture from a /24, not just a single host, and not the world.

It's funny ... the utils network command doesn't 'choke' when I add the mask command; but it doesn't honor it either:

utils network capture eth0 ip src 10.76.62.0 mask 255.255.255.0

That's why I thought I had a syntax issue.

Thanks,

Joe