Performing a network packet capture

The packet capture utility allows you to capture network traffic to and from Conferencing Nodes in one or more locations, and the Management Node. Packet captures can be helpful when diagnosing various network issues, for example problems with DNS, NTP and firewalls.

If you are experiencing issues with your Pexip Infinity service, you may be asked by your Pexip authorized support representative to provide them with one or more packet captures of your system to assist them in diagnosis of the issue.

To perform a packet capture:

  1. From the Administrator interface, go to Utilities > Packet capture.
  2. Select the System locations where you want to run the packet capture and move them into the Chosen System locations list.

    The packet capture will run against all of the Conferencing Nodes in the chosen locations. It will capture both interfaces if a Conferencing Node has dual network interfaces.

    You can also choose the Management Node.

  3. IPsec traffic is captured by default.

    Clear the Capture IPsec traffic check box if you do not want backplane IPsec traffic between Conferencing Nodes to be captured in addition to regular user-facing traffic.

  4. Encryption keys for SIP, H.323 and WebRTC traffic, and IPsec traffic if that is also being captured, are captured by default.

    Clear the Log encryption keys check box if you do not want to capture encryption keys.

    The keys are captured in the log files so you’ll typically need to download a diagnostic snapshot as well.

  5. Select the Duration of the packet capture. It can be in the range 10-600 seconds.
  6. Select Start packet capture.

    All previous packet captures are deleted when a new packet capture is started. Make sure that you have downloaded any previous packet capture files that you want to keep.

    The capture will run for the specified duration. You cannot stop a packet capture after it has started.

    A Time remaining countdown will display while the packet capture is running.

  7. When the capture completes, the captured "pcap" files are listed at the bottom of the page.

    The page may take a few seconds to sync. If all of the expected files aren’t present after one minute then refresh the page.

  8. You can Download or Delete any or all of the individual packet capture files.

Taking a manual packet capture from non-communicating nodes

If a Conferencing Node has lost communication with the Management Node, or if otherwise instructed by your Pexip authorized support representative, you may have to perform a manual capture via a direct SSH connection with that node:

  1. Connect to the Pexip node over SSH (using Putty, SecureCRT or another SSH client), logging in as user admin.
  2. At the SSH command line, issue the following command, supplying the admin password when prompted:

    sudo tcpdump -s0 -w /tmp/capture.pcap

    If the node has dual interfaces you need to add either the -i nic0 or -i nic1 switch to the tcpdump command, depending on which interface you want to capture.

    This starts a packet capture, storing the captured data in file /tmp/capture.pcap on the Pexip node.

  3. While the capture is running, the following output can be observed:

  4. To stop the capture, press Control + C in the SSH window.

    You can now close the SSH session.

  5. To download the captured file capture.pcap:

    1. Connect to the Pexip node with an SCP (Secure Copy) client, for example WinSCP — make sure to use SCP as the transfer protocol.
    2. Log in as user admin and supply the admin password.

    3. Navigate to folder /tmp and download the capture file, named capture.pcap.
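
Before passing a downloaded capture.pcap on, it is worth confirming that the transfer was complete and that no packets were clipped, which is what the -s0 switch is meant to guarantee. The following check is an added example, not Pexip code. It assumes tcpdump wrote the classic pcap format rather than pcapng, and the names check_pcap and build_sample are hypothetical.

```python
import struct
import sys

# On-disk magic bytes of classic pcap -> (struct byte order, timestamp unit).
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "us"), b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"), b"\xa1\xb2\x3c\x4d": (">", "ns"),
}

def check_pcap(data: bytes) -> dict:
    """Walk every record of a classic pcap file and report truncation."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng, or a damaged header)")
    order, _unit = MAGICS[data[:4]]
    # Global header: version major/minor, thiszone, sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    packets = clipped = 0
    offset, complete = 24, True
    while offset < len(data):
        header = data[offset:offset + 16]
        if len(header) < 16:
            complete = False              # file ends inside a record header
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", header)
        if offset + 16 + incl_len > len(data):
            complete = False              # file ends inside packet data
            break
        packets += 1
        if incl_len < orig_len:           # fewer bytes stored than were on the wire
            clipped += 1
        offset += 16 + incl_len
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "clipped_packets": clipped, "file_complete": complete}

def build_sample(snaplen: int, frames: list) -> bytes:
    """Constructed test input: a little-endian Ethernet pcap holding `frames`."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        stored = frame[:snaplen]
        out += struct.pack("<IIII", 1700000000 + i, 0, len(stored), len(frame)) + stored
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:                 # path to a downloaded capture file
        with open(sys.argv[1], "rb") as fh:
            print(check_pcap(fh.read()))
    else:                                 # no path given: use the constructed sample
        print(check_pcap(build_sample(262144, [b"\x00" * 60, b"\x00" * 1514])))
```

A result with file_complete set to False points to an interrupted download or a capture file that was cut short. The script reads the whole file into memory, so allow for that with large captures.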