[FAQ] How can I capture the network traffic of the phone remotely?

Polycom Employee & Community Manager

UCS 5.1.1 officially added a remote packet capture option to the phone in order to troubleshoot issues and provide Wireshark traces if required.

 

<capture diags.pcap.enabled="1"  diags.pcap.remote.enabled="1" />

 

The above parameters activate the feature on the phone.

 

The UCS 5.1.0 Admin Guide describes this on page 170 in the Remote Packet Capture for Logs section.

 

  • To start using this feature please download Wireshark from => here <=

  • Start Wireshark after the installation and select the Capture Interface Options

    wireshark_rpcap_01.png

  • Manage Interfaces => Remote Interfaces => Add

    wireshark_rpcap_02.png.jpg

  • IP Address of the phone
    Port 2002
    Username: Polycom
    Password: MAC Address of the phone in lower case and no colon ( : )

    wireshark_rpcap_03.png

  • Once OK is pressed the interface should show up

    rpacp.PNG

  • Leave this menu via cancel

  • You are then able to select this new Interface

    rpacp1.PNG

  • If an error message regarding the buffer appears, please click OK

    rpacp_bufferError.PNG

VLAN or additional Network Interfaces:

 

RPCAP_VLAN.png

 

In the above photo the phone uses VLAN 242, but on a Trio, as an example, the WiFi interface can be displayed and selected.

 

Additional Settings

 

In addition to the above, Wireshark can also be configured to capture a rolling trace, with options to set a duration, a certain file size, or the number of files to be captured.

 

  • Capture > Options > Output

    WireSharkSpecifyFile_01.png

    Filename: Testfile.pcap or Testfile.pcapng

    The above will create 100 MB files until Wireshark is stopped.

    Ticking "Use a ring buffer with" files can be used if the trace should run for a certain duration, i.e. while an issue is being reproduced and a "rolling" trace should capture the issue. Make this a larger number so the event is not missed.

  • Capture > Options > Options

    WireSharkSpecifyFile_02.png

    The above allows you to specify the number of files that should be created before the trace is stopped automatically.

  • Capture > Options > Input > Capture filter for selected interfaces

    WireSharkSpecifyFile_03.png

    The above is usually selected to ensure only the traffic of a certain device is captured

    Capture Range of Devices

    Example: (ether [0:4] & 0xffffff00 = 0x0004F200) or (ether [0:4] & 0xffffff00 = 0x64167F00) 

    The above will only capture data from the Polycom MAC ranges 0004F2 or 64167F, which usually cover the Polycom phone range.

 

Troubleshooting:

 

Settings > Logging > Module Log Level Limits > Packet Capture > Event 1

 

0814203258|pcap |3|00|Successful RPCAP authentication
0814203259|pcap |3|00|Received RPCAP_MSG_OPEN_REQ
0814203259|pcap |3|00|Received RPCAP_MSG_STARTCAP_REQ
0814203259|pcap |3|00|Foreground Start event in Idle state
0814203259|pcap |1|00|RPCAP filter intruction: code=0x6 jf=0 jt=0 k=0x40000
0814203259|pcap |0|00|RPCAP data thread started
0814203259|pcap |3|00|Received RPCAP_MSG_UPDATEFILTER_REQ
0814203259|pcap |1|00|RPCAP filter intruction: code=0x28 jf=0 jt=0 k=0xc

 

Wireshark Error Message "Can't get list of Interfaces":

 

Using the functionality may cause this error

WireSharkError.png

To resolve this use Explorer and browse to

%userprofile%\AppData\Roaming\Wireshark

and delete “recent” and “Recent_common”.




<======== Signature / Disclaimer ========>
The title Polycom Employee & Community Manager is an automatic setting within the community and any forum reply or post is based upon my personal experience and does not reflect the opinion or view of my employer.
Poly employee participation within this community is not mandatory and any post or FAQ article provided by myself is done either during my working hours or outside working hours, in my private time, and may be answered on weekends, bank holidays or personal holidays.
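The capture filter under "Capture Range of Devices" reads `ether[0:4]`, the first four bytes of each frame, which are the start of the destination MAC address. The following is an added example, not part of the original post: it evaluates that expression in Python over constructed frames, next to a source-address variant at offset 6. All MAC addresses apart from the two OUI prefixes, and all function names, are made up for illustration.

```python
import struct

# The two Polycom OUIs named in the post's capture filter.
POLYCOM_OUIS = (0x0004F2, 0x64167F)

def oui_match(frame: bytes, offset: int) -> bool:
    """Evaluate: ether[offset:4] & 0xffffff00 = <OUI>00, for either OUI."""
    if len(frame) < offset + 4:
        return False  # BPF rejects a packet when a load runs past its end
    word = struct.unpack_from("!I", frame, offset)[0]  # 4 bytes, network order
    return (word & 0xFFFFFF00) in {oui << 8 for oui in POLYCOM_OUIS}

def page_filter(frame: bytes) -> bool:
    """The post's filter as written: offset 0 is the destination MAC."""
    return oui_match(frame, 0)

def source_filter(frame: bytes) -> bool:
    """Added variant: offset 6 is the source MAC."""
    return oui_match(frame, 6)

def either_filter(frame: bytes) -> bool:
    """Added variant: frames to or from a Polycom OUI."""
    return page_filter(frame) or source_filter(frame)

def make_frame(dst: str, src: str, ethertype: int = 0x0800) -> bytes:
    """Build a constructed Ethernet II frame with a zeroed 46-byte payload."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst) + mac(src) + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample frames; every address apart from the OUI prefix is made up.
PHONE_A, PHONE_B, PC = "00:04:f2:aa:bb:01", "64:16:7f:aa:bb:02", "02:00:00:00:00:10"
SAMPLES = {
    "pc -> phone A": make_frame(PHONE_A, PC),
    "phone B -> pc": make_frame(PC, PHONE_B),
    "phone A broadcast": make_frame("ff:ff:ff:ff:ff:ff", PHONE_A, 0x0806),
    "pc -> pc": make_frame("02:00:00:00:00:11", PC),
    "truncated": bytes.fromhex("0004f2"),
}

def classify() -> dict:
    """Map each sample name to (page_filter, source_filter, either_filter)."""
    return {name: (page_filter(f), source_filter(f), either_filter(f))
            for name, f in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name:18} dst-match={result[0]} src-match={result[1]} either={result[2]}")
```
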