In this section:

Use the TShark tool to analyze the network issues by capturing the packet traces. These captured packets are saved as .pcap files and Wireshark reads these packet traces.

To protect the system from overload, TShark captures one packet trace at a time.

Note

The TShark 1.8 is the latest supported version.

Note

Ensure that Wireshark application is installed and configure appropriately before proceeding.

Capture Packet Trace

On the main SBC screen, go to Troubleshooting > Troubleshooting Tools > TShark. The Run TShark Trace window is displayed.


Figure 1: Run TShark Trace

The following fields are displayed.

Table 1: TShark Trace Parameters

Parameter Description
Platform Interfaces

Drop-down list of different platform interfaces available for capturing the packet traces. 

NicenessOption to run TSHARK with different Niceness levels. Allows you to perform troubleshooting during peak hours. The Niceness option displays as a drop-down with the range -20 to 19. If you change the Niceness value from the default value (19), a warning message displays indicating that running the TSHARK with a different Niceness value can impact the system's performance.
Filter  Optional field to enter a TShark filter. For example, to capture the ppkt2 interface traffic (media signaling) to and fro IP address 172.18.5.4, enter host 172.18.5.4.

Save log file as 

Option to enter the name of the packet trace to be saved.

Status

Specifies the status of the packet trace.

Start a Trace

  1. For Platform Interface, choose the desired value from the Platform Interface drop-down list.

  2. Select the Niceness value from the drop-down. 

    Note

    When the default Niceness value is changed and the trace is started, a warning message shown in the figure below displays.



  3. (Optional) For Filter, enter a valid Tshark filter syntax.

  4. For Save log file as, enter the log file name.

  5. Click Start Trace.

    Status is updated to Trace Running.

  6. Proceed to next section to stop and save the trace file.

Stop and Save Trace

  1. Click Stop and Save Trace. The status is updated to Trace saved to a file <filename>.pcap where <filename> is the name of the saved log file.

  2. To view the TShark log files, go to Troubleshooting > Call Trace/Logs/Monitors > Log Management. Select T-Shark from the list to view the logs. Refer to Log Management for more information.

    Note

    T-Shark option is not available under the list until at least one trace is started, stopped and saved.

Note

Files with the .pcap extension contains the Tshark trace. The Tshark program stops writing to the files after the file size exceeds 500 megabytes. The SBC halts the writing operation to stop creating excessively large file buffers. This limits the memory consumption by the Tshark program, and prevents system failure.