Packet Capture (PCAP) Trace

Feature Information

Summary Data

Applicable Product(s) or Functional Area

  • ePDG

  • IPSec

  • MME

  • SaMOG

Applicable Platform(s)

ASR 5500

vPC-SI

vPC-DI

Feature Default

Disabled

Related Changes in This Release

Not Applicable

Related Documentation

  • ASR 5000 System Administration Guide

  • ASR 5500 System Administration Guide

  • Command Line Interface Reference Guide

  • ePDG Administration Guide

  • IPSec Reference Guide

  • SaMOG Administration Guide

  • VPC-SI System Administration Guide

Revision History


Important

Revision history details are not provided for features introduced before release 21.2.


Revision Details

Release

PCAP Tracing support for MME S1-AP interface is added in this release.

21.4

First introduced.

21.2

Feature Description

This feature enables the output of the monitor subscriber and monitor protocol commands to be captured using the packet capture (PCAP) functionality. The output can be stored in a text file in a hard disk, and later transferred to an external server through SFTP using a PUSH or PULL method. The text file can then be converted to a pcap file using external tools such as text2pcap, or imported directly as PCAP using packet analyzer tools such as wireshark.

PCAP trace and hexdump file collection can be enabled or disabled under the monitor protocol and monitor subscriber commands. For more information, refer Enabling or Disabling Hexdump section of this chapter.


Note

For VPC-DI deployments, a separate function is available to perform packet captures on specific cards (VMs) and card interfaces on the internal DI-network. Refer to the Exec mode command system packet-dump command in the Command Line Interface Reference for more information.


Configuring PCAP Trace

Enabling Multiple Instances of CDRMOD

Use the following configuration to enable multiple instances of CDRMOD (one per packet processing card):

config 
    cdr-multi-mode 
    end 

Notes:

  • Although hexdump record generation is supported on both single-mode and multi-mode, it is recommended to enable the CDR multi-mode.


    Important

    After you configure the cdr-multi-mode CLI command, you must save the configuration and then reload the chassis for the command to take effect. For information on saving the configuration file and reloading the chassis, refer to the System Administration Guide for your deployment.


  • Use the default cdr-multi-mode command to configure this command with its default setting.


    Important

    After you configure the default cdr-multi-mode CLI command, you must save the configuration and then reload the chassis for the command to take effect. For information on saving the configuration file and reloading the chassis, refer to the System Administration Guide for your deployment.


  • Default: Single CDRMOD mode

Configuring the Hexdump Module

Use the following configuration to specify the handling characteristics of the hexdump files:

config 
    context context_name 
        hexdump-module 
            hexdump { purge { storage-limit megabytes | time-limit seconds } [ max-files max_records ] | push-interval interval | push-trigger space-usage-percent trigger_percent | remove-file-after-transfer | transfer-mode { pull [ module-only ] | push primary { encrypted-url | url } url [ secondary { encrypted-secondary-url | secondary-url } secondary_url ] [ via local-context ] [ max-files files ] [ max-tasks max_tasks ] [ module-only ] } | use-harddisk } 
            end 

Notes:

  • Use the default hexdump [ purge | push-interval | push-trigger [ space-usage-percent ] | remove-file-after-transfer | transfer-mode [ module-only ] | use-harddisk ] + command to configure the keywords to its the default setting.

    • purge: Not enabled

    • push-interval: 60 seconds

    • push-trigger: 80 percent

    • remove-file-after-transfer: Disabled

    • transfer mode: PUSH

    • use-harddisk: Disabled

  • Use the no hexdump [ purge | remove-file-after-transfer | use-harddisk ] + command to disable the configured hexdump file storage and processing.

    • purge : Disables the deleting of record files on the hard disk based on a storage limit or a time limit.

    • remove-file-after-transfer : Retains a copy of the file even after it has been pushed or pulled to another server.

    • use-harddisk : Disables data storage on the system's hard disk.

  • Use the purge { storage-limit megabytes | time-limit seconds } [ max-files max_records ] keywords to configure parameters for deleting hexdump records from the hard drive. This command is not enabled by default.

    • storage-limit megabytes : Specifies that hexdump records are to be deleted from the hard drive upon reaching a storage limit defined in megabytes.

      bytes must be an integer from 10 through 143360.

    • time-limit seconds : Specifies that hexdump records are to be deleted from the hard drive upon reaching a time limit defined in seconds.

      seconds must be an integer from 600 through 2592000.

    • max-files max_records : Specifies the maximum number of files to purge. If configured to 0, all records will be purged until the limit is reached.

      max_records must be an integer that is of value 0, or from 1000 through 10000.

  • Use the push-interval interval keyword to specify the transfer interval (in seconds) when hexdump files will be pushed to an external file server.

    • interval must be an integer from 30 through 3600.

    • Default: 60

  • Use the push-trigger space-usage-percent trigger_percent to specify the disk space utilization percentage threshold at which an automatic push is triggered and files are transferred to the external server.

    • trigger_percent must be an integer from 10 through 80.

    • Default: 80

  • Use the remove-file-after-transfer keyword to specify that the system must delete hexdump files after they have been transferred to the external file server.

    Default: Disabled.


    Important

    This keyword must be enabled for hexdump records.
  • Use the transfer-mode { pull [ module-only ] | push primary { encrypted-url | url } url [ secondary { encrypted-secondary-url | secondary-url } secondary_url ] [ via local-context ] [ max-files files ] [ max-tasks max_tasks ] [ module-only ] } keywords to specify the transfer mode to be used when transferring hexdump files to an external file server

    • pull : Specifies that the destination server (external storage) will pull the hexdump files.

    • push : Specifies that the system will push hexdump files to the destination server. This is the default mode.

    • primary encrypted-url url : Specifies the primary URL location to which the system pushes the files in encrypted format.

      url must be an alphanumeric string of 1 through 8192 characters.

    • primary url url : Specifies the primary URL location to which the system pushes the hexdump files.

      url must be an alphanumeric string of 1 through 1024 characters in the format: //user:password@host:[port]/direct.

    • secondary encrypted-secondary-url secondary_url : Specifies the secondary URL location to which the system pushes the files in encrypted format.

      secondary_url must be an alphanumeric string of 1 through 8192 characters.

    • secondary secondary-url secondary_url : Specifies the secondary URL location to which the system pushes the hexdump files.

      secondary_url must be an alphanumeric string of 1 through 1024 characters in the format: //user:password@host:[port]/direct.

    • via local-context : Specifies that the local context, and, subsequently, the SPIO management ports, will be used to pull or push hexdump files.

    • max-files files : Specifies the maximum number of files that can be transferred per push.

      files must be an integer from 4 to 4000.

    • max-tasks max_tasks : Specifies the maximum number of files per push.

      max_tasks must be an integer from 4 through 8.

    • module-only : Specifies that the transfer of hexdump records is to be applied only to the module type for which the configuration was originally created. If this option is not enabled, the transfer will occur for all record types.

  • Use the use-harddisk keyword to specify that the hard disk drive on the SMC is to be used to store hexdump records.

    Default: Disabled.


    Important

    This keyword must be enabled for hexdump records.

Configuring the Hexdump File Parameters

Use the following configuration to specify the format of the hexdump files:

config 
    context context_name 
        hexdump-module 
            file [ compression { gzip | none } | current-prefix prefix | delete-timeout seconds | directory directory_name | exclude-checksum-record | field-separator { hyphen | omit | underscore } | headers | name file_name | reset-indicator | rotation { num-records number | tariff-time minute minutes hour hours | time seconds | volume bytes } | sequence-number { length length | omit | padded | padded-six-length | unpadded } | storage-limit limit | time-stamp { expanded-format | rotated-format | unix-format } | trailing-text string | trap-on-file-delete | xor-final-record ] + 
            end 

Notes:

  • Use the default file [ compression | current-prefix | delete-timeout | directory | field-separator | headers | name | reset-indicator | rotation { num-records | tariff-time | time | volume } | sequence-number | storage-limit | time-stamp | trailing-text | trap-on-file-delete ] + command to configure the default setting for the specified keyword(s).

  • Use the compression { gzip | none } keyword to specify the compressions of hexdump files.

    • gzip : Enables GNU zip compression of the hexdump file at approximately 10:1 ratio.

    • none : Disables Gzip compression.

  • Use the current-prefix prefix keyword to specify a string to add at the beginning of the hexdump file that is currently being used to store records.

    • prefix must be an alphanumeric string of 1 through 31 characters.

    • Default: curr

  • Use the delete-timeout seconds keyword to specify a time period, in seconds, after which the hexdump files are deleted. By default, files are never deleted.

    • seconds must be an integer from 3600 through 31536000.

    • Default: Disabled

  • Use the directory directory_name keyword to specify a subdirectory in the default directory in which to store hexdump files.

    • directory_name must be an alphanumeric string of 0 through 191 characters.

    • Default: /records/hexdump

  • Use the exclude-checksum-record keyword to exclude the final record containing #CHECKSUM followed by the 32-bit Cyclic Redundancy Check (CRC) of all preceding records from the hexdump file.

    Default: Disabled (a checksum record is included in the hexdump file header)

  • Use the field-separator { hyphen | omit | underscore } to specify the type of separators between two fields of a hexdump file name:

    • hyphen : Specifies the field separator as a "-" (hyphen) symbol between two fields.

    • omit : Omits the field separator between two fields.

    • underscore : Specifies the field separator as an "_" (underscore) symbol between two fields.

  • Use the headers keyword to include a file header summarizing the record layout.

  • Use the name file_name to specify a string to be used as the base file name for hexdump files.

    file_name must be an alphanumeric string from 1 through 31 characters.

  • Use the reset-indicator to specify the inclusion of the reset indicator counter (value from 0 through 255) in the hexdump file name.

    The counter is incremented whenever any of the following conditions occur:

    • A peer chassis has taken over in compliance with Interchassis Session Recovery (ICSR).

    • The sequence number (see sequence-number keyword) has rolled over to zero.

  • Use the rotation { num-records number | tariff-time minute minutes hour hours | time seconds | volume bytes } keyword to specify when to close a hexdump file and create a new one.

    • num-records number : Specifies the maximum number of records that should be added to a hexdump file. When the number of records in the file reaches this value, the file is complete.

      number must be an integer from 100 through 10240. Default: 1024

    • tariff-time minute minutes hour hours : Specifies to close the current hexdump file and create a new one based on the tariff time (in minutes and hours).

      minutes must be an integer from 0 through 59.

      hours must be an integer from 0 through 23.

    • time seconds : Specifies the period of time to wait (in seconds) before closing the current hexdump file and creating a new one.

      seconds must be an integer from 30 through 86400. Default: 3600


      Important

      It is recommended to set the rotation time to 30 seconds.
    • volume bytes : Specifies the maximum size of the hexdump file (in bytes) before closing it and creating a new one.

      bytes must be an integer from 51200 through 62914560. Note that a higher setting may improve the compression ratio when the compression keyword is set to gzip. Default: 102400

  • Use the sequence-number { length length | omit | padded | padded-six-length | unpadded } keyword to exclude or include the sequence number with a specified format in the file name.

    • length length : Includes the sequence number with the specified length.

      length must be the file sequence number length with preceding zeroes in the file name, and must be an integer from 1 through 9.

    • omit : Excludes the sequence number from the file name.

    • padded : Includes the padded sequence number with preceding zeros in the file name. This is the default setting.

    • padded-six-length : Includes the padded sequence number with six preceding zeros in the file name.

    • unpadded : Includes the unpadded sequence number in the file name.

  • Use the storage-limit limit keyword to set the storage limit. Files will be deleted when the specified amount of space (in bytes) is reached.

    limit must be an integer from 10485760 through 268435456.

  • Use the time-stamp { expanded-format | rotated-format | unix-format } keyword to specify the format of the file creation timestamp to be included in the file name.

    • expanded-format : Specifies the UTC (Universal Time Coordinated) MMDDYYYYHHMMSS format.

    • rotated-format : Specifies the time stamp format to YYYYMMDDHHMMSS format.

    • unix-format : Specifies the UNIX format of x.y, where x is the number of seconds since 1/1/1970 and y is the fractional portion of the current second that has elapsed.

  • Use the trailing-text string keyword to specify the inclusion of an arbitrary text string in the file name as an alphanumeric string of 1 through 30 characters.

    string must be an alphanumeric string from 1 through 30 characters.

  • Use the trap-on-file-delete keyword to instruct the system to send an SNMP notification (trap) when a hexdump file is deleted due to lack of space.

    Default: Disabled

  • Use the xor-final-record keyword to insert an exclusive OR (XOR) checksum (instead of a CRC checksum) into the hexdump file header, if the exclude-checksum-record is left at its default setting.

    Default: Disabled

  • The + symbol indicates that more than one of the previous keywords can be entered within a single command.

Enabling or Disabling Hexdump

Hexdump captures can be enabled for protocols in the monitor subscriber and monitor protocol commands in the Exec Mode. Subscriber information for PCAP trace can be specified using the filters in the monitor subscriber command. For protocols and filters supported for a specific product, refer the respective product Administration and Reference guides.

When the monitor subscriber or monitor protocol command is running, use the U or V option to enable hexdump capturing:

  • U - Mon Display (ON) : Use this option to display message captures on the terminal.

    • Default: ON

    • When this option is turned off, monitoring will still run in the background.

  • V - PCAP Hexdump (NONE) : Use this option to enable or disable capturing hexdump packets globally.

    • Default: None

    • V - PCAP Hexdump (ON) : Hexdump capture is enabled with the prompt:

      Warning :Turning ON/OFF will impact other cli logging terminals, You will interupt others already using hexdump.

    • V - PCAP Hexdump (OFF) : Hexdump capture is disabled (paused).

Enabling PCAP Trace for MME

This section describes how to enable PCAP trace for MME S1-AP interface and SGsAP interface.

  • Under monitor protocol (monpro), enable S1-AP and SGS, or SCTP protocol option along with V - PCAP Hexdump (ON), to capture all S1-AP messages in PCAP hexdump.

  • Monitor subscriber (monsub) supports PCAP tracing on S1-AP and SGS filter options.

  • When S1-AP or SGS filter option is selected in monpro/monsub, PCAP Hexdump will have dummy SCTP header. The following fields are set as dummy in the SCTP header:

    • Verification tag

    • Checksum

    • Chunk flags

    • Transmission Sequence Numbers (TSN)

    • Stream identifier

    • Stream sequence number

  • When the SCTP protocol option is selected in monpro, PCAP hexdump will have the original SCTP header.

Monitoring and Troubleshooting PCAP Trace

Show Command(s) and/or Outputs

The show command(s) in this section are available in support of PCAP trace.

show cdr statistics

The following fields are available in the output of the show cdr statistics command in support of this feature:

EDR-UDR file Statistics: 
------------------------ 
CDRMOD Instance Id: 2 
 Hexdump-module Record Specific Statistics: 
  Hexdump-module files rotated:                      0 
  Hexdump-module files rotated due to volume limit:  0 
  Hexdump-module files rotated due to time limit:    0 
  Hexdump-module files rotated due to tariff-time:   0 
  Hexdump-module files rotated due to records limit: 0 
  Hexdump-module file rotation failures:             0 
  Hexdump-module files deleted:                      0 
  Hexdump-module records deleted:                    0 
  Hexdump-module records received:                   0 
  Current open Hexdump-module files:                 0 
  Time of last Hexdump-module file deletion:         0 
Table 1. show cdr statistics Command Output Descriptions

Field

Description

EDR-UDR file Statistics:

CDRMOD Instance Id

Indicates the CDRMOD instance id for which the statistics are collected.

Hexdump-module Record Specific Statistics:

Hexdump-module files rotated

Total number of times a hexdump file was closed and a new hexdump file was created.

Hexdump-module files rotated due to volume limit

Total number of times a hexdump file was closed and a new hexdump file was created since the volume limit was reached.

Hexdump-module files rotated due to time limit

Total number of times a hexdump file was closed and a new hexdump file was created since the time limit was reached.

Hexdump-module files rotated due to tariff-time

Total number of times a hexdump file was closed and a new hexdump file was created since the tariff time was reached.

Hexdump-module files rotated due to records limit

Total number of times a hexdump file was closed and a new hexdump file was created since the records limit was reached.

Hexdump-module file rotation failures

Total number of times hexdump file rotation failed.

Hexdump-module files deleted

Total number of times hexdump files were deleted.

Hexdump-module records deleted

Total number of times hexdump records were deleted.

Hexdump-module records received

Total number of times hexdump records were received.

Current open Hexdump-module files

Total number of hexdump files currently open.

Time of last Hexdump-module file deletion

Time of the last deleted hexdump file.

show { hexdump-module | cdr } file-space-usage

The following fields are available in the output of the show { hexdump-module | cdr } file-space-usage command in support of this feature:

CDRMOD Instance Id: 2 
   Hexdump-module File Storage LIMIT              : 33554432 bytes 
   Hexdump-module File Storage USAGE              : 196608 bytes 
   Percentage of Hexdump-module file store usage  : 0.585938
 
Table 2. show { hexdump-module | cdr } file-space-usage Command Output Descriptions

Field

Description

CDRMOD Instance Id

Indicates the CDRMOD instance id for which the statistics are collected.

Hexdump-module File Storage LIMIT

Indicates the maximum storage space (in bytes) that can be used for hexdump files.

Hexdump-module File Storage USAGE

Indicates the total storage space (in bytes) used for hexdump files.

Percentage of Hexdump-module file store usage

Indicates the total percentage of storage used for hexdump files.

show hexdump-module statistics

The following fields are available in the output of the show hexdump-module statistics command in support of this feature.

Hexdump-module-Record file Statistics: 
------------------------ 
CDRMOD Instance Id: 2 
  Hexdump-module files rotated:                      0 
  Hexdump-module files rotated due to volume limit:  0 
  Hexdump-module files rotated due to time limit:    0 
  Hexdump-module files rotated due to tariff-time:   0 
  Hexdump-module files rotated due to records limit: 0 
  Hexdump-module file rotation failures:             0 
  Hexdump-module files deleted:                      0 
  Hexdump-module records deleted:                    0 
  Hexdump-module records received:                   0 
  Current open Hexdump-module files:                 0 
  Time of last Hexdump-module file deletion:         0 

Hexdump-module PUSH Statistics: 
----------------------------------- 
  Successful File Transfers   : 0 
  Failed File Transfers       : 0 
  Num of times PUSH initiated : 0 
  Num of times PUSH Failed    : 0 
  Num of times PUSH cancelled 
            due to HD failure : 0 
  Num of periodic PUSH        : 0 
  Num of manual PUSH          : 0 
  Current status of PUSH      : Not Running 
  Last completed PUSH time    : N/A 

Primary Server Statistics: 
  Successful File Transfers   : 0 
  Failed File Transfers       : 0 
  Num of times PUSH initiated : 0 
  Num of times PUSH Failed    : 0 
  Num of periodic PUSH        : 0 
  Num of manual PUSH          : 0 
  Current status of PUSH      : Not Running 
  Last completed PUSH time    : N/A 

Secondary Server Statistics: 
  Successful File Transfers   : 0 
  Failed File Transfers       : 0 
  Num of times PUSH initiated : 0 
  Num of times PUSH Failed    : 0 
  Num of periodic PUSH        : 0 
  Num of manual PUSH          : 0 
  Current status of PUSH      : Not Running 
  Last completed PUSH time    : N/A 

Important

Use the clear hexdump-module statistics command under the Exec Mode to clear and reset the hexdump module statistics.
Table 3. show hexdump-module statistics Command Output Descriptions

Field

Description

Hexdump-module-Record file Statistics:

CDRMOD Instance Id

Indicates the CDRMOD instance id for which the statistics are collected.

Hexdump-module files rotated

Total number of times a hexdump file was closed and a new hexdump file was created.

Hexdump-module files rotated due to volume limit

Total number of times a hexdump file was closed and a new hexdump file was created since the volume limit was reached.

Hexdump-module files rotated due to time limit

Total number of times a hexdump file was closed and a new hexdump file was created since the time limit was reached.

Hexdump-module files rotated due to tariff-time

Total number of times a hexdump file was closed and a new hexdump file was created since the tariff time was reached.

Hexdump-module files rotated due to records limit

Total number of times a hexdump file was closed and a new hexdump file was created since the records limit was reached.

Hexdump-module file rotation failures

Total number of times hexdump file rotation failed.

Hexdump-module files deleted

Total number of times hexdump files were deleted.

Hexdump-module records deleted

Total number of times hexdump records were deleted.

Hexdump-module records received

Total number of times hexdump records were received.

Current open Hexdump-module files

Total number of hexdump files currently open.

Time of last Hexdump-module file deletion

Time of the last deleted hexdump file.

Hexdump-module PUSH Statistics:

Successful File Transfers

Total number of hexdump files that were successfully transferred.

Failed File Transfers

Total number of hexdump files that failed to transfer.

Num of times PUSH initiated

Total number of times the PUSH operation was initiated.

Num of times PUSH Failed

Total number of times PUSH operation failed.

Num of times PUSH cancelled due to HD failure

Total number of times PUSH operation failed due to hard disk failure.

Num of periodic PUSH

Total number of periodic times PUSH operation was performed.

Num of manual PUSH

Total number of times the PUSH operation was performed manually.

Current status of PUSH

Indicates if the PUSH operation is currently running.

Last completed PUSH time

Indicates the time when the last PUSH operation was completed.

Primary Server Statistics:

Successful File Transfers

Total number of hexdump files successfully transferred to the primary storage server.

Failed File Transfers

Total number of hexdump files that failed transfer to the primary storage server.

Num of times PUSH initiated

Total number of times PUSH operation was initiated to transfer hexdump files to the primary storage server.

Num of times PUSH Failed

Total number of times PUSH operation failed to transfer hexdump files to the primary storage server.

Num of periodic PUSH

Total number of periodic times PUSH operation was performed to the primary storage server.

Num of manual PUSH

Total number of times the PUSH operation to the primary storage server was performed manually.

Current status of PUSH

Indicates if the PUSH operation to the primary storage server is currently running.

Last completed PUSH time

Indicates the time when the last PUSH operation to the primary storage server was completed.

Secondary Server Statistics:

Successful File Transfers

Total number of hexdump files successfully transferred to the secondary storage server.

Failed File Transfers

Total number of hexdump files that failed transfer to the secondary storage server.

Num of times PUSH initiated

Total number of times PUSH operation was initiated to transfer hexdump files to the secondary storage server.

Num of times PUSH Failed

Total number of times PUSH operation failed to transfer hexdump files to the secondary storage server.

Num of periodic PUSH

Total number of periodic times PUSH operation was performed to the secondary storage server.

Num of manual PUSH

Total number of times the PUSH operation to the secondary storage server was performed manually.

Current status of PUSH

Indicates if the PUSH operation to the secondary storage server is currently running.

Last completed PUSH time

Indicates the time when the last PUSH operation to the secondary storage server was completed.