In this section:
TShark is a tool that is used to analyze the network issues by capturing the packet traces. These captured packets are saved as .pcap files and Wireshark reads these packet traces.
To protect the system from overload, TShark captures one packet trace at a time.
The TShark 1.8 is the latest supported version.
Ensure that Wireshark application is installed and configure appropriately before proceeding.
On the main SBC screen, go to Troubleshooting > Troubleshooting Tools > TShark. The Run TShark Trace window is displayed.
The following fields are displayed.
For Platform Interface, choose the desired value from the Platform Interface drop-down list.
(Optional) For Filter, enter a valid Tshark filter syntax.
For Save log file as, enter the log file name.
Click Start Trace.
Status is updated to Trace Running.
Click Stop and Save Trace. The status is updated to Trace saved to a file <filename>.pcap
where <filename>
is the name of the saved log file.
To view the TShark log files, go to Troubleshooting > Call Trace/Logs/Monitors > Log Management. Select T-Shark from the list to view the logs. Refer to Log Management for more information.
T-Shark option is not available under the list until at least one trace is started, stopped and saved.
Files with the .
pcap
extension contains the Tshark trace. The Tshark program stops writing to the files after the file size exceeds 500 megabytes. The SBC halts the writing operation to stop creating excessively large file buffers. This limits the memory consumption by the Tshark program, and prevents system failure.