1. Call Traffic Monitoring Guide
  2. Packet Trace
  3. Packet Trace Over VNF Systems

Packet Trace Over VNF Systems

The Oracle® Enterprise Session Border Controller's packet trace tool provides the user with the ability to capture traffic from the Oracle® Enterprise Session Border Controller itself. The packet capture command is documented elsewhere, but the syntax and operation for VNF systems is not the same.

There are two capture modes across the product line, one that saves traffic locally and one that mirrors traffic to a user-specified target. Software only deployments support local capture only.

The user invokes the tool from the ACLI, manually specifying:

  • How to capture (local only for VNF)
  • What to capture
  • Capture start and stop

Local capture supports PCAP filters to specify the signaling traffic you want to capture. The default packet trace filter uses the specified interface to capture both ingress and egress traffic. The user can then use the packet-trace command's syntax to filter based on target IP ad well as local and remote port. To further specify captured traffic, the user can also append the command with a PCAP filter enclosed in quotes. PCAP filter syntax is widely published.

The user can run only a single capture on a given interface. However, the user can run multiple captures simultaneously, as long as they are on separate interfaces.

Local packet capture is dependent on access control configuration, not capturing any denied traffic.

VNF platforms require the user to manually stop a local packet capture prior to restarting it. The command syntax does not notify the user of this requirement prior to capture re-start. Running the command to either "stop all" or "stop the specific capture" allow you to successfully restart your capture.

Note:

Do not run packet-trace simultaneously with other Oracle® Enterprise Session Border Controller replication features, such as LI, SRS, SIP Monitoring and Trace, and Call Recording. These features may interfere with each other, corrupting each's results.

Packet Trace Local enables the Oracle® Enterprise Session Border Controller to capture traffic between two endpoints, or between itself and a specific endpoint. To accomplish this, the Oracle® Enterprise Session Border Controller replicates the packets sent and received and saves them to disk in .PCAP format.

By default, the system saves the .PCAP file in /opt/traces, naming it with the applicable interface name as well as the date and time of the capture. Alternatively, the user can specify file name using the system supports the PCAP filter flags -w.

The system rotates the PCAPs created in this directory by size. The last 25 files are kept and are rotated when they reach 100 MB. If there are capture files in the /opt/traces directory when this command is run, the system prompts the user to remove them before running new captures. If preferred, the user can decline this file deletion.

Starting a Local Packet Trace on VNF Systems

You use the start a packet trace by entering the appropriate ACLI command with these pieces of information:

  • Network interface (name:subport ID combination)

  • (Optional) IP address to be traced; if you do not enter local and/or remote ports when you start the trace, the Oracle® Enterprise Session Border Controller traces all open sockets.

  • (Optional) Local UDP/TCP port on which the Oracle® Enterprise Session Border Controller sends and receives traffic to be traced.
  • (Optional) Remote UDP/TCP port to which the Oracle® Enterprise Session Border Controller sends traffic, and from which it receives traffic to be traced; you cannot enter the remote port without specifying a local port.
  • (Optional) Enter a tcpdump command line within quotes.

Note that the system supports local packet trace on all platforms. To start a packet trace with local and remote ports specified:

  1. Enter the ACLI packet-trace local command followed by a Space, and the parameter start. After another space, type in the name and subport ID for the network interface followed by a Space.
    The syntax below includes the IP address to be traced, the local port number, then the remote port number separated by spaces.
  2. Press Enter. 
    
ORACLE# packet-trace local start core:0 192.168.10.99 5060 5060
Trace started for 192.168.10.99

Stopping a Local Packet Trace on VNF Systems

You stop a local packet trace by entering the appropriate ACLI command with these pieces of information:

  • Network interface (name:subport ID combination)
  • (Optional) IP address to be traced
  • (Optional) Local UDP/TCP port on which the Oracle® Enterprise Session Border Controller sends and receives traffic to be traced
  • (Optional) Remote UDP/TCP port to which the Oracle® Enterprise Session Border Controller sends traffic, and from which it receives traffic to be traced

If the packet trace you want to stop has no entries for local and/or remote ports, then you do not have to specify them.

  1. To stop a packet trace with local and remote ports specified, enter the ACLI packet-trace local command followed by a Space, and the word stop. After another Space, type in the name and subport ID for the network interface followed by a Space, the IP address to be traced followed by a Space, the local port number followed by a Space, and then optionally the remote port number. Then press Enter. 
    ORACLE# packet-trace local stop core:0 192.168.10.99 5060 5060
  2. To stop all packet traces on the Oracle® Enterprise Session Border Controller, enter the ACLI packet-trace local command followed by a Space, and the word stop. After another Space, type the word all and press Enter. 
    ORACLE# packet-trace local stop all