Tony Mountifield
2012-Jan-19 23:25 UTC
[asterisk-users] Efficient logging of PRI traffic for later analysis?
Often, when I want to be able to do post-mortem analysis of network traffic, I can have a suitable tcpdump with -w to capture raw packets for later analysis with Wireshark. On some systems I have this running continuously on the SIP port. Is there any way of doing something similar with PRI ISDN protocol? I certainly don't want to have pri span debug running all the time, but from time to time I do get customer queries about calls that have failed or dropped for some reason, and it would be very useful to be able to view the PRI exchange retrospectively. So I'd like the ability efficiently to log PRI traffic raw to a file and then interpret it later. Does anything like this exist already? Or could anyone point me in the right direction for developing something? Cheers Tony -- Tony Mountifield Work: tony at softins.co.uk - http://www.softins.co.uk Play: tony at mountifield.org - http://tony.mountifield.org
Kevin P. Fleming
2012-Jan-19 23:29 UTC
[asterisk-users] Efficient logging of PRI traffic for later analysis?
On 01/19/2012 05:25 PM, Tony Mountifield wrote:> Often, when I want to be able to do post-mortem analysis of network > traffic, I can have a suitable tcpdump with -w to capture raw packets > for later analysis with Wireshark. On some systems I have this running > continuously on the SIP port. > > Is there any way of doing something similar with PRI ISDN protocol? > I certainly don't want to have pri span debug running all the time, > but from time to time I do get customer queries about calls that have > failed or dropped for some reason, and it would be very useful to be > able to view the PRI exchange retrospectively. So I'd like the ability > efficiently to log PRI traffic raw to a file and then interpret it later. > > Does anything like this exist already? Or could anyone point me in > the right direction for developing something?Search for 'DAHDI pcap'; in recent versions of DAHDI it has become possible to generate PCAP dumps of HDLC traffic on D-channels (which could be ISDN, Q.SIG, SS7, etc.). -- Kevin P. Fleming Digium, Inc. | Director of Software Technologies Jabber: kfleming at digium.com | SIP: kpfleming at digium.com | Skype: kpfleming 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA Check us out at www.digium.com & www.asterisk.org