
[FAQ] How can I capture the network traffic of the phone remotely?

Polycom Employee & Community Manager


UCS 5.1.1 officially added a remote packet capture option to the phone in order to troubleshoot issues and provide Wireshark traces if required.

 

<capture diags.pcap.enabled="1"  diags.pcap.remote.enabled="1" />

 

The above parameters activate the feature on the phone.

 

The UCS 5.1.0 Admin Guide describes this on page 170 in the Remote Packet Capture for Logs section.

 

  • To start using this feature please download Wireshark from => here <=

  • Start Wireshark after the installation and select the Capture Interface Options

    wireshark_rpcap_01.png

  • Manage Interfaces => Remote Interfaces => Add

    wireshark_rpcap_02.png.jpg

  • IP Address of the phone
    Port 2002
    Username: Polycom
    Password: MAC Address of the phone in lower case and no colon ( : )

    wireshark_rpcap_03.png

  • Once OK is pressed the interface should show up

    rpacp.PNG

  • Leave this menu via cancel

  • You are then able to select this new Interface

    rpacp1.PNG

  • If an error message regarding the buffer appears, please click on OK

    rpacp_bufferError.PNG

VLAN or additional Network Interfaces:

 

RPCAP_VLAN.png

 

In the above photo the phone uses VLAN 242, but on a Trio, as an example, the WiFi interface can be displayed and selected.

 

Additional Settings

 

In addition to the above, Wireshark can also be configured to capture a rolling trace, with options to set a duration, a certain file size, or the number of files to be captured.

 

  • Capture > Options > Output

    WireSharkSpecifyFile_01.png

    Filename: Testfile.pcap or Testfile.pcapng

    The above will create 100MB files up until Wireshark is stopped

    Ticking "Use a ring buffer with" files can be used if the trace should run for a certain duration, i.e. an issue is reproduced but a "rolling" trace should capture the issue. Make this a larger number so the event is not missed.

  • Capture > Options > Options

    WireSharkSpecifyFile_02.png

    The above allows you to specify the number of files that should be created before the trace is stopped automatically

  • Capture > Options > Input > Capture filter for selected interfaces

    WireSharkSpecifyFile_03.png

    The above is usually selected to ensure only the traffic of a certain device is captured

    Capture Range of Devices

    Example: (ether [0:4] & 0xffffff00 = 0x0004F200) or (ether [0:4] & 0xffffff00 = 0x64167F00) 

    The above will only capture data from a Polycom MAC range 0004F2 or 64167F, which usually covers the Polycom phone range.

  • VLANs

    Traditionally Windows PCs do not capture the VLAN tag to show in Wireshark
    VLAN_Explanation_01.png
    This must be enabled via a Registry entry:

    https://wiki.wireshark.org/CaptureSetup/VLAN
    http://www.intel.com/content/www/us/en/support/network-and-i-o/ethernet-products/000005498.html

    VLAN_Explanation_02.png

 

Troubleshooting:

 

Settings > Logging > Module Log Level Limits > Packet Capture > Event 1

 

0814203258|pcap |3|00|Successful RPCAP authentication
0814203259|pcap |3|00|Received RPCAP_MSG_OPEN_REQ
0814203259|pcap |3|00|Received RPCAP_MSG_STARTCAP_REQ
0814203259|pcap |3|00|Foreground Start event in Idle state
0814203259|pcap |1|00|RPCAP filter intruction: code=0x6 jf=0 jt=0 k=0x40000
0814203259|pcap |0|00|RPCAP data thread started
0814203259|pcap |3|00|Received RPCAP_MSG_UPDATEFILTER_REQ
0814203259|pcap |1|00|RPCAP filter intruction: code=0x28 jf=0 jt=0 k=0xc

 

Wireshark Error Message "Can't get list of Interfaces":

 

Using the functionality may cause this error

WireSharkError.png

To resolve this use Explorer and browse to

%userprofile%\AppData\Roaming\Wireshark

and delete “recent” and “Recent_common”

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP, Video Endpoint, Skype for Business, PSTN or RPM FAQs
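
Added example, not part of the original post: a Python model of the capture filter from the "Capture Range of Devices" step, run over two constructed Ethernet headers. `ether[0:4]` reads the first four bytes of the frame, which belong to the destination MAC, so the posted expression selects frames addressed to the two OUIs; the `ether[6:4]` variant, the function names and the sample MAC addresses are assumptions added here to show the source-address case.

```python
# Masked OUI values taken from the capture filter in the post.
POLY_PREFIXES = (0x0004F200, 0x64167F00)

def mac(text):
    """Turn 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))

def ether_header(dst, src, ethertype=0x0800):
    """Build a 14-byte Ethernet II header: destination, source, EtherType."""
    return mac(dst) + mac(src) + ethertype.to_bytes(2, "big")

def ether_load(frame, offset, size):
    """Model of the pcap accessor ether[offset:size] (big-endian read)."""
    return int.from_bytes(frame[offset:offset + size], "big")

def oui_match(frame, offset):
    """Apply the post's 0xffffff00 mask to the 4 bytes at the given offset."""
    return (ether_load(frame, offset, 4) & 0xFFFFFF00) in POLY_PREFIXES

def posted_filter(frame):
    """ether[0:4]: bytes 0-3, i.e. the destination MAC."""
    return oui_match(frame, 0)

def source_variant(frame):
    """ether[6:4]: bytes 6-9, i.e. the source MAC (assumed variant)."""
    return oui_match(frame, 6)

def classify(frame):
    """Report which expression accepts the frame."""
    posted, source = posted_filter(frame), source_variant(frame)
    return {"posted": posted, "source": source, "either": posted or source}

# Constructed sample addresses (not from the post).
PHONE = "00:04:f2:aa:bb:cc"
PC = "3c:52:82:11:22:33"
TO_PHONE = ether_header(dst=PHONE, src=PC)
FROM_PHONE = ether_header(dst=PC, src=PHONE)

if __name__ == "__main__":
    print("PC -> phone:", classify(TO_PHONE))
    print("phone -> PC:", classify(FROM_PHONE))
```

A filter that should see both directions of a phone's traffic needs the `ether[0:4]` and `ether[6:4]` tests joined with `or`.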
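
Added example, not part of the original post: the RPCAP filter lines in the phone log carry classic BPF instructions, and this Python sketch decodes them so the log shows which filter a remote capture client pushed to the phone. The log lines are copied from the troubleshooting excerpt above; the function names and the split of each line on `|` are assumptions.

```python
import re

# Lines copied from the log excerpt in the post (spelling as logged).
SAMPLE_LOG = """\
0814203258|pcap |3|00|Successful RPCAP authentication
0814203259|pcap |3|00|Received RPCAP_MSG_STARTCAP_REQ
0814203259|pcap |1|00|RPCAP filter intruction: code=0x6 jf=0 jt=0 k=0x40000
0814203259|pcap |3|00|Received RPCAP_MSG_UPDATEFILTER_REQ
0814203259|pcap |1|00|RPCAP filter intruction: code=0x28 jf=0 jt=0 k=0xc
"""

INSN = re.compile(r"code=(\w+) jf=(\w+) jt=(\w+) k=(\w+)")
LOADS = {0x00: "ld", 0x08: "ldh", 0x10: "ldb"}            # BPF_W, BPF_H, BPF_B
JUMPS = {0x10: "jeq", 0x20: "jgt", 0x30: "jge", 0x40: "jset"}

def decode_bpf(code, jt, jf, k):
    """Render one classic-BPF instruction in tcpdump -d style mnemonics."""
    cls = code & 0x07
    if cls == 0x00 and (code & 0xE0) == 0x20:             # BPF_LD | BPF_ABS
        return f"{LOADS.get(code & 0x18, 'ld?')} [{k}]"
    if cls == 0x05 and (code & 0xF0) in JUMPS and not (code & 0x08):
        return f"{JUMPS[code & 0xF0]} #{k:#x} jt {jt} jf {jf}"  # BPF_JMP, K operand
    if cls == 0x06:                                       # BPF_RET
        return "ret a" if (code & 0x18) == 0x10 else f"ret #{k}"
    return f"unknown code={code:#x}"

def rpcap_events(log_text):
    """Return (timestamp, level, text) for pcap-module lines, decoding filters."""
    events = []
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|", 4)]
        if len(parts) != 5 or parts[1] != "pcap":
            continue
        ts, _, level, _, msg = parts
        m = INSN.search(msg)
        if m:
            code, jf, jt, k = (int(v, 0) for v in m.groups())
            msg = "filter: " + decode_bpf(code, jt, jf, k)
        events.append((ts, int(level), msg))
    return events

if __name__ == "__main__":
    for event in rpcap_events(SAMPLE_LOG):
        print(*event)
```

In the excerpt, `code=0x6 k=0x40000` is a `ret` that accepts up to 262144 bytes of every packet, and `code=0x28 k=0xc` loads the 16-bit field at offset 12, the EtherType.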
Polycom Employee & Community Manager

Re: [FAQ] How can I capture the network traffic of the phone remotely?

Wireshark Capture ObiEdition VVXx50

 

  • Browse to the IP address of the Phone
  • Enter the username and password, default is admin/admin
  • System Management > Device Admin > Packet Capture > On
    Obi_Wireshark_00.png

  • Replicate the issue and then turn off the trace
    Obi_Wireshark_01.png
  • System Management > Device Update > Extracting PCAP Capture Result > Click on 
    Press Extract to Start Process 
    Obi_Wireshark_02.png