Chapter 4: Tools and Troubleshooting
VPN Concentrator Installation and Configuration Guide 39
4.1.4 Packet Capture
Packet capture capability can be used to capture packets and analyze them for debugging
purposes. This capability is only available through CLI. Packets can be filtered for capture by
on the basis of host, port, interface, etc. The captured packets are stored in a file in on RAM
disk in the VPN Concentrator with the extension “pcap”. Packets can be captured on eth0
(LAN port), eth1 (WAN port), and pppX (where X is a positive integer). pppX is the interface
that is associated with a remote phone. Capturing Packets for an Individual SSL Connection
Packets will need to be captured on eth0, eth1, and pppN (where N is a positive integer) for an
individual SSL connection. Following steps need to be taken to capture the packets for a given
SSL VPN connection:
1. Identify the PPP session associated with a given phone by obtaining the IP address
of the phone from the “Active Sessions” by using its MAC address. Once the IP
address of the phone has been identified, then use the “ifconfig” command to find
the PPP interface that has the phone’s IP address.
2. Create the disk space to store the captured information by issuing the following
command: “mount –t tmpfs tmpfs /etc/images –o size=8m
3. Capture the packets on eth0, eth1, and ppp0 (assuming that ppp0 has the same IP
address as the phone) by using the following command: “tcpdump -s 0 -ni ppp0 -w
/etc/images/PPP0.pcap & tcpdump -s 0 -ni eth0 host <private IP of Phone> -w /etc/
images/ETH0.pcap & tcpdump -s 0 -ni eth1 host <WAN public IP address> –w /etc/
4. Next, stop the packet capture by issuing the following command: “killall tcpdump
5. FTP the captured file “/etc/images/ETH1.pcap” to remote server so that it can be
viewed by a program like “wireshark” or sent to ShoreTel support team for analy-
Terms of Use | Privacy Policy | DMCA Policy