espace UC V100R002C01SPC100 Troubleshooting Guide HUAWEI TECHNOLOGIES CO., LTD. Issue 02 Date

(1)

eSpace UC

V100R002C01SPC100

Troubleshooting Guide

Issue 02

Date 2012-07-04

(2)

Issue 02 (2012-07-04) Huawei Proprietary and Confidential

No part of this document may be reproduced or transmitted in any form or by any means without prior written consent of Huawei Technologies Co., Ltd.

Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.

All other trademarks and trade names mentioned in this document are the property of their respective holders.

Notice

The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties, guarantees or representations of any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.

Address: Huawei Industrial Base

Bantian, Longgang Shenzhen 518129

People's Republic of China Website: http://www.huawei.com Email: [email protected]

(3)

ii

1 Troubleshooting Overview ... 1

1.1 Fault Levels ... 1

1.2 Precautions ... 2

1.3 Requirements for Maintenance Personnel ... 3

1.4 Overall Troubleshooting Process... 3

1.4.1 Overall Troubleshooting Flowchart... 4

1.4.2 Collecting Fault Scenario Information ... 4

1.4.3 Evaluating a Fault ... 4

1.4.4 Locating and Rectifying the Fault ... 5

1.4.5 Verifying That the Fault Is Rectified ... 5

1.4.6 Generating a Troubleshooting Report ... 5

1.4.7 Seeking Help from Huawei ... 5

1.5 Huawei Technical Support ... 6

2 Fault Information Collection ... 7

2.1 Check Items for Fault Information Collection ... 7

2.2 Operation Procedure Information Collection ... 8

2.3 Fault Information Collection on the eSpace Client ... 8

2.4 Signaling Tracing ... 9

2.5 Packet Capture ... 11

2.5.1 Cyclic Packet Capture ... 11

2.5.2 Remote Packet Capture ... 15

2.5.3 Wireshark ... 17

2.6 Log Collection ... 46

2.6.1 UC Log Files ... 46

2.6.2 Log Collection Methods ... 50

2.7 Common Query Commands ... 51

3 Fault Locating Methods ... 57

3.1 Alarm Analysis ... 57

3.2 Network Information Analysis ... 59

3.3 Configuration Analysis ... 63

3.3.1 BMU Faults ... 63

(4)

iii

3.3.3 eSpace Meeting Faults ... 66

3.3.4 Console System Faults ... 67

3.4 Signaling Analysis ... 67

3.4.1 SIP Voice or Video Call Signaling... 68

3.4.2 Narrowband Trunk Outgoing or Incoming Call Signaling ... 72

3.5 Log Analysis... 72

3.5.1 BMU Logs... 72

3.5.2 CDR Logs ... 73

3.5.3 eSpace Client Logs ... 73

4 Login Faults ... 75

4.1 Background ... 75

4.2 Fault Locating Reference ... 76

4.3 Troubleshooting Examples ... 77

4.3.1 BMU Login Failure ... 77

4.3.2 eSpace Login Failure... 79

5 eSpace Service Usage Faults ... 82

5.3.1 Offline ... 83

5.3.2 Startup Failure ... 86

5.3.3 Call Failure ... 88

5.3.4 Poor Call Voice... 91

5.3.5 Failure to Send Instant Messages ... 95

6 License Faults ... 97

6.2.1 BMU License Unavailability ... 97

6.2.2 Failure to Load the License on the Unified Gateway ... 99

7 Conference Service Faults... 101

7.3.1 Failure to Initiate an Instant Conference ... 102

8 Console System Service Faults ... 104

(5)

iv

9 CDR Faults ... 107

9.3 Troubleshooting Examples ... 109 9.3.1 Failure to Query CDRs on the BMU ... 错误！未定义书签。

(6)

1

Troubleshooting Overview

About This Chapter

This topic describes the classification of fault levels, troubleshooting precautions, basic troubleshooting processes, and method for obtaining Huawei technical support. 1.1 Fault Levels

Depending on the impact and scope of a fault, faults are classified as either emergency faults or ordinary faults.

1.2 Precautions

This topic describes the precautions to be taken during fault locating and handling. 1.3 Requirements for Maintenance Personnel

Only the qualified personnel can maintain the UC products. 1.4 Overall Troubleshooting Process

This topic describes the overall troubleshooting process. 1.5 Huawei Technical Support

1.1 Fault Levels

Depending on the impact and scope of a fault, faults are classified as either emergency faults or ordinary faults.

Table 1-1 describes the methods for locating and processing emergency faults and ordinary faults.

Table 1-1 Fault levels Fault

Level Description Locating Method Handling Method

Emergen cy fault

Emergency faults refer to those that severely affect service

operation, including interruption of

Locate the faulty component or module as soon

Recover services immediately and locate the root causes

(7)

2 Fault Level Description Locating Method Handling Method most services and charging

exceptions. Table 1-2 describes the emergency fault judging criteria of Unified Communications (UC) products.

as possible. of the fault.

Ordinary fault

Ordinary faults refer to those that are not emergency faults.

Find the root cause.

Rectify the fault.

Table 1-2 Emergency fault judging criteria of UC products Service and

Function Criteria

Access service  _{More than 20% voice call services fail for more than 60 seconds.}  _{More than 20% data services fail for more than 60 seconds.}

CDR service More than 50% CDR services fail for more than 60 minutes. Service management More than 20% users cannot use service management functions

handling for more than 10 minutes.

1.2 Precautions

This topic describes the precautions to be taken during fault locating and handling.

 _{Determine whether a fault is an emergency fault. If a fault is an emergency fault, recover}

services quickly by referring to the Emergency Maintenance.

 _{Comply with the operation regulations and industry security regulations to ensure your}

safety and equipment security.

 _{Take electrostatic discharge (ESD)-preventive measures; for example, wear ESD wrist}

straps when replacing device parts.

 Do not access the service network using any unauthorized computers.

 Control the use of network services.

 _{Record detailed information about problems that occur during maintenance.}

 _{Record information about all significant operations, for example, restarting a process or}

enabling the debug function. Before performing such operations, check the feasibility of the operations, back up data, and prepare emergency and safety measures. Ensure that the operations are performed by qualified engineers.

Exercise caution when you:

 _{Delete a directory or a file from the system.}  Modify database configuration files.

(8)

3

 _{Delete system or database log files.}

 Update, delete, alter, or drop data in the database.

 Stop a system module.

 Stop the system, database, and application processes.

 _{Run the kill command.}

 Modify the configuration of a network device.

1.3 Requirements for Maintenance Personnel

Only the qualified personnel can maintain the UC products.

 _{Have a basic knowledge of network devices, Windows and Linux operating systems, and}

SQL Server and Oracle databases; be capable of using the common operation commands related to network devices, operating systems, and databases; be capable of

implementing maintenance using operation commands.

 _{Be familiar with the network of the UC service system and physical connections between}

onsite devices.

 _{Be familiar with the service process and system structure of the UC, and be skilled in}

operating the UC components.

 Understand how to collect fault information.

 _{Be able to use common troubleshooting tools.}  _{Be proficient in remote maintenance.}

1.4 Overall Troubleshooting Process

(9)

4

1.4.1 Overall Troubleshooting Flowchart

Figure 1-1 Overall troubleshooting flowchart

1.4.2 Collecting Fault Scenario Information

Collect information pertaining to a fault as specified in 2 Fault Information Collection.

 Fault occurring time and place

 Network and component version information

 _{Description of the fault symptom}

 _{Services that are affected by the fault, and the scope and impact of the fault}

 _{Operations that a user or a maintenance engineer performed before the fault occurred}  _{Measures that have been taken after the fault occurred and the results}

1.4.3 Evaluating a Fault

Upon receiving the fault information, determine whether the fault is an emergency fault. If it is an emergency fault, see the Emergency Maintenance to recover the services; if it is not an emergency fault, see this document to locate and rectify the fault.

(10)

5

1.4.4 Locating and Rectifying the Fault

Locating the Fault

Locate the fault on the following layers:

 _{Component layer: Locate the specific component where the fault occurred, for example,}

a database.

 Module layer: After finding the faulty component, locate the faulty module, for example, the database listening port.

Collecting Fault Information

After locating the faulty component, collect detailed information about the component, including the network, version number, logs, call detail records (CDRs), error codes, alarms, and memory information.

For details, see 2 Fault Information Collection.

Rectifying the Fault

After the faulty module is located, take measures to rectify the fault.

1.4.5 Verifying That the Fault Is Rectified

After taking appropriate measures to rectify the fault, verify the results.

1.4.6 Generating a Troubleshooting Report

It is recommended that a fault analysis report contain the following topics:

 _Symptom  Fault locating

 _{Troubleshooting}  _{Preventive suggestions}

1.4.7 Seeking Help from Huawei

For the methods of obtaining technical support from Huawei, see 1.5 Huawei Technical Support.

Before contacting Huawei technical support for help, prepare the following information:

 Full name of the office where the fault occurs

 Contact information, including a contact name and a fixed-line phone number or a mobile number

 Network and component version information

 _{Fault scenario and symptoms}

(11)

6

1.5 Huawei Technical Support

Table 1-3 describes the methods for obtaining Huawei technical support. Table 1-3 Methods for obtaining Huawei technical support

If you... Please... At...

Come across an emergency fault

Dial the customer service center hotline

4008302118

Contact the globe technical support center

The contact address obtained from http://support.huawei.com

Come across an ordinary fault

View troubleshooting cases

This document or product documents and cases at http://support.huawei.com

(12)

7

2

Fault Information Collection

About This Chapter

This topic describes the basic fault information collection methods. When a fault occurs, use these methods to collect fault information and locate the fault.

2.1 Check Items for Fault Information Collection

If a fault cannot be rectified, collect fault information and send it to Huawei technical support. 2.2 Operation Procedure Information Collection

If the fault can recur, and the description or screenshots of the configuration and operations performed before the fault occurs are obtained, the fault can be located and rectified easily. 2.3 Fault Information Collection on the eSpace Client

The debughelp.bat tool is used to collect detailed eSpace fault information. 2.4 Signaling Tracing

In the UC system, the eSpace EMS is provided to trace signaling. 2.5 Packet Capture

Packets are captured and analyzed to check the correctness. Therefore, packet capture is a major measure to locate faults.

2.6 Log Collection

Each UC component provides the log function to record system operation and running information, including fault information.

2.7 Common Query Commands

This topic describes the common query commands in the Linux operating system, Oracle database, Unified Gateway, and IAD.

2.1 Check Items for Fault Information Collection

If a fault cannot be rectified, collect fault information and send it to Huawei technical support. Refer to Fault Inormation Collection.

(13)

8

2.2 Operation Procedure Information Collection

If the fault can recur, and the description or screenshots of the configuration and operations performed before the fault occurs are obtained, the fault can be located and rectified easily. The operation procedures include the BMU, UC service, and Unified Gateway operation procedures.

2.3 Fault Information Collection on the eSpace Client

The debughelp.bat tool is used to collect detailed eSpace fault information.

Procedure

Step 1 Go to the installation directory of the eSpace client.

1. Right-click the eSpace client icon and choose Properties. 2. Click Find Target in the dialog box that is displayed. Step 2 Double-click debughelp.bat.

The NetCap window is displayed.

Step 3 Click START to start information collection.

Step 4 Re-perform the operation where the fault occurs, for example, logging in to the eSpace client. Step 5 After the fault reoccurs, click STOP on the NetCap page to stop information collection.

A dialog box indicating the information storage path is displayed. Step 6 Click OK.

The file where the fault information is saved is displayed. Step 7 Obtain the file.

Fault information files are named by the date and time, for example, 2011-7-4 16_19_24.916.zip.

Table 2-1 describes the collected fault information. Table 2-1 eSpace client fault information collection

File/Folder Name Description

log Contains client run logs and SVN configuration data. config Contains client configuration data.

capture1.cap Contains network packets collected by the debughelp.bat. ecs.ini Contains client version information and run parameters. plugin.ini Contains client plug-in parameters, including the enterprise

address book, instant message, and SMS message parameters. server.ini Contains server login and call rule information.

(14)

9

File/Folder Name Description

system.txt Contains PC hardware, operating system, and drive information. USBPhone.ini Contains USB phone configuration data.

----End

2.4 Signaling Tracing

In the UC system, the eSpace EMS is provided to trace signaling.

Prerequisites

The eSpace EMS has been deployed.

Context

The eSpace EMS manages the security, faults, performance, topology, access, and configurations.

The eSpace EMS can trace the Session Initiation Protocol (SIP) signaling, primary rate access (PRA) signaling, R2 signaling, Signaling System No.7 (SS7) signaling, and user messages.

Tracing signaling affects the performance of the Unified Gateway. Therefore, when signaling does not need to be traced, stop the corresponding tracing task in time.

Procedure

Step 1 Log in to the eSpace EMS GUI.

Step 2 Choose Resource > Topology Management from the main menu. The Topology Management page is displayed.

Step 3 In the topology, select the target NE, click , and choose Manage from the displayed menu, as shown in Figure 2-1.

The XXX Management window is displayed. In the window name, XXX indicates an NE name.

Figure 2-1 Topology view

(15)

10 Step 5 Right-click a signaling type (for example, Broadband Signal > SIP), as shown in Figure 2-2.

Figure 2-2 Creating a signaling tracing task

Step 6 Choose Add.

The Add Task dialog box is displayed. Step 7 Set parameters as prompted and click OK.

A task node appears under the signaling type in the navigation tree. When the system time of the Unified Gateway reaches the time specified by Start time, a task tab page indicating the traced signaling is displayed on the right, as shown in Figure 2-3.

Figure 2-3 SIP signaling

(16)

11

 _{Click Lock, set the search criteria (case sensitive), and click Search. Fuzzy query is}

supported. The signaling meeting the search criteria is displayed in the window.

 _{Click Export to export the signaling.}

 Click Details in the Details column to view signaling details. ----End

Follow-up Procedure

Analyze signaling to locate the fault by referring to 3.4 Signaling Analysis.

2.5 Packet Capture

Packets are captured and analyzed to check the correctness. Therefore, packet capture is a major measure to locate faults.

2.5.1 Cyclic Packet Capture

Remote packet capture and cyclic packet capture are performed in specified environments.

Step 1 for Cyclic Packet Capture: Start Cyclic Packet Capture

When a fault occurs occasionally and the occurrence time is uncertain, use cyclic packet capture to obtain fault information. The Wireshark tool provides the packet capture function in command-line mode on common PCs.

You can specify the size and quantity of packets to be captured. For example, set each packet size to 10 MB and set the number of packets captured in a period to 100. In this case, the 101st packet overwrites the first packet.

The requirements on the work environment are as follows:

 _{The hard disk space for storing packets on the PC is sufficient.}

 The packet filter and recombination tool capfil is obtained, which can be downloaded on Internet.

Step 1 Choose Start > Run. Step 2 Enter cmd and press Enter.

The command-line interface (CLI) is displayed.

Step 3 Run the cd dir command to go to the Wireshark installation directory, as shown in Figure 2-4.

In the preceding command, dir specifies the Wireshark installation path. If the Wireshark installation path is not on disk C, run the preceding command, and then enter disk letter:, for example, d: and press

(17)

12 Figure 2-4 Going to the Wireshark installation directory

Step 4 Query the current PC network interface card (NIC) index and description to determine the NIC used for packet capture.

1. Open the Local Area Connection Properties dialog box to query the NIC model used, as shown in Figure 2-5.

Figure 2-5 Querying the NIC model

2. Run the dumpcap -D command on the CLI to query the NIC index number, as shown in Figure 2-6.

(18)

13 Figure 2-6 Querying the NIC index number

Step 5 Start cyclic packet capture.

In this example, set each packet size to 100 MB, and set the number of packets captured in each period to 100. In this case, about 10 GB disk space is required. Ensure the sufficient disk space.

Run the following command to start cyclic packet capture, as shown in Figure 2-7.

dumpcap -i 2 -w D:\aa.pcap -b filesize:100000 -b files:100

Figure 2-7 Starting cyclic packet capture

Table 2-2 Parameter description

Parameter Description

-i NIC index number.

-w Name of the file for storing captured packets.

-b Cyclic packet capture.

filesize Each packet size, in kbit.

files Total number of packets captured in each period.

To obtain the online help of the dumpcap command, run the dumpcap -h command.

(19)

14

Step 2 for Cyclic Packet Capture: Stop Packet Capture

After starting cyclic packet capture, the administrator can leave the equipment room. When receiving the fault report, the administrator must return to the equipment room immediately and stop packet capture.

Step 1 Press Ctrl+C on the CLI to stop packet capture. ----End

Step 3 for Cyclic Packet Capture: Filter and Recombine Packets

Cyclic packet capture takes a long period of time and the captured packet size is large. It is difficult to send the packets to Huawei engineers.

The capfil tool helps to solve this problem. The tool has the following functions:

 Reads multiple files in wildcard form and generates a file after filtering

 _{Filters packets by time segment}

 Filters packets by IP address and port number

Step 1 Change the file name extension of the captured packets in step 1 to .cap. Step 2 Save the capfil.exe file and packets in the same path, for example, D:\cap. Step 3 Open the CLI, and run the cd dir command to go to the packet directory.

In the preceding command, dir specifies the packet path. If the packet path is not on disk C, run the preceding command, and then enter disk letter:, for example, d: and press Enter.

Step 4 Filter and recombine packets by filtering criteria based on the fault scenario.

The parameters such as time, IP address, and port number in the following commands are examples. Change them based on the site scenario.

 _{Run the following command to filter all packets. The command contains the fault source}

IP address, and fault occurrence start time and end time. The obtained data after filtering is stored in the out.cap file.

capfil -r *.cap -w out.cap -stime "2011-08-8 10:00:00" -etime "2011-08-8 10:30:00" -ip "10.166.10.10"

 _{Run the following command to filter packets by port number. Assume that the port}

number is the default SIP port number 5060. The data obtained after filtering is stored in the out2.cap file.

capfil -r *.cap -w out2.cap -udpport 5060

 _{Run the following command to filter packets by IP address. The packets of the IP}

addresses in the command are obtained. The obtained data after filtering is stored in the out3.cap file.

capfil -r *.cap -w out3.cap -ip "10.166.10.10" -ip "10.166.10.11" -ip "10.166.10.12"

To obtain the online help of the capfil command, run the capfil/? command.

(20)

15

2.5.2 Remote Packet Capture

When maintenance engineers are in other locations and cannot capture network packets in equipment rooms, they can use the remote packet capture tool to connect remote PCs to devices' network ports and capture network packets.

Context

In UC solution, only the IAD supports remote packet capture,The IAD does not support remote packet capture on the VLAN. If the VLAN tag is configured for data or the VLAN is configured for the FE port, remote packet capture cannot be performed.

Procedure

Step 1 Install the IAD packet capture tool recvTool on a PC. Step 2 Log in to the IAD as the administrator.

This topic describes how to capture the user signaling and media stream on IAD132E(T) port 3.

Step 3 Set the packet export network port to FE1 or FE2 port on the IAD.

TERMINAL(advanced-config)#capture outinterface fe

Step 4 Set the IP address of the packet capture server to the IP address of the PC where the IAD packet capture tool is installed. Use the default port number 58000.

TERMINAL(advanced-config)#capture server ipaddress 192.166.1.200

Step 5 Enable the signaling capture function.

TERMINAL(advanced-config)#capture signal on

Step 6 Enable the user media stream capture function on port 3 and set the packet capture direction to two-way.

TERMINAL(advanced-config)#capture media start direction all userport 3

Step 7 Double-click to start the packet capture tool.

Step 8 Click ... and enter the name of the file for storing captured packets, for example, iad1, as shown in Figure 2-8.

(21)

16 Figure 2-8 Configuring the packet capture tool

Step 9 Click Save. Step 10 Click Start.

Check whether the connection between the IAD and the remote packet capture server has been established on the IAD. If the following information is displayed, the connection has been established, and the packet capture tool starts capturing packets.

TERMINAL(config)#display capture

======================================================== state: server started

The config of capture:

capture server IP address: 192.163.1.40 capture server UDP port: 58000

capture mode: all captured output interface: FE1/2

=======================================================

 If the message "WARNING:The capture server can not reach!" is displayed, the connection has not been established. Check the connection after 30 seconds. If the message is not displayed, the connection has been established.

 When the size of the file for storing captured packets reaches 30 MB, the file is saved automatically, a new file is generated, and the packet capture continues.

 Do not operate the file during packet capture. Otherwise, the file may be incomplete.

Step 11 Click Stop or Quit after packet capture is complete.

Step 12 Start the Wireshark, and import the file, for example, iad1.cap, for storing captured packets to view relevant data.

(22)

17

2.5.3 Wireshark

Wireshark is a tool for capturing and analyzing network packets. Wireshark converts the binary data streams to text and figures that are easy to understand. Use Wireshark to capture signaling on a certain port to determine whether the port is faulty.

Tool Introduction

Obtaining Method

Access http://www.wireshark.com and download the Wireshark installation file.

User

 Maintenance engineers

 _{Test engineers}

Function

Captures packets and analyzes signaling such as SIP, PRA, SS7, and R2.

Function Description

The Wireshark can run in various operating systems, such as the UNIX, Linux, and Windows operating systems.

The Wireshark provides the following functions:

 Captures messages on running nodes.

 Analyzes data that is captured from the network.

 _{Analyzes hard disk data that is captured by other tools.}

Common Operations and Menus

This topic describes the common operations and menus of the Wireshark. For details about the menu functions, see the Wireshark online help.

1.Wireshark Main Page

The ARP.cap - Wireshark page consists of six panes: menu pane, shortcut button pane, filter pane, packet list pane, packet details pane, and packet bytes pane, as shown in Figure 2-9.

(23)

18 Figure 2-9 ARP.cap - Wireshark page

Menu Pane

The menu pane contains the following menus:

 _File

Contains items to open and merge capture files, save, print, or export capture files in whole or in part, and to exit the Wireshark.

 _Edit

Contains items to find a packet, mark one or more packets, and set your preferences (such as fonts, color, time format, and parsing application), and then save the preferences as default settings.

 View

Controls the display of the captured data, such as time format and color of packets transmitted using different protocols.

 _Go

Contains items to go to a specific packet.

 _Capture

Allows you to set capture parameters, including selecting network adapters, starting and stopping captures.

 Analyze

Allows you to enable or disable protocol dissectors.

 Statistics

Contains items to display various statistic windows, including a summary of the packets that have been captured and displaying protocol hierarchy statistics.

(24)

19 Contains items to help users, such as access to some basic help, a list of supported protocols, and user guides.

Shortcut Button Pane

Lists the shortcut buttons for common functions.

When the pointer is moved to a button, its function is displayed.

Filter Pane

Specifies the filter expression. You can set the filter expression to filter out only the required packets for analysis. For details about the filter expression usage, see SIP Protocol Analysis.

Packet List Pane

Lists all packets according to the time, address, and protocol.

 _{The Wireshark displays the protocols and types of the packets that can be parsed.}  _{The Wireshark marks the packets whose formats or processes are faulty with colors.}

Because the Wireshark is not entirely intelligent, the marks can be used only for reference, not as the analysis basis. For detailed analysis, view the packet content and analyze the packet based on the signaling process.

Packet Details Pane

Displays packet contents by protocol or network layer. The Wireshark parses all fields if a packet can be parsed. The Wireshark analyzes TCP packets based on packet serial numbers to check the signaling process.

Packet Bytes Pane

Displays the original packet contents in the hexadecimal format on the left, with the matching ASCII characters on the right.

2.Common Operations

Context

The Wireshark can be used only after it is bound to a network adapter. After being installed on a PC, the Wireshark can capture only the packets passing through this network adapter. Therefore, before using the Wireshark to capture packets, configure the network to ensure that packets can be sent to the network adapter to which the Wireshark is bound.

(25)

20

Procedure

Step 1 Double-click to start the Wireshark.

The Wireshark main page is displayed, as shown in Figure 2-10. Figure 2-10 Wireshark main page

Step 2 Choose Capture > Options.

(26)

21 Figure 2-11 Wireshark: Capture Options page

Main areas on the Wireshark: Capture Options page are described as follows:

 _Capture − Interface

Specifies the network adapter for capturing packets.

After the Wireshark is installed, the system automatically generates a logical network adapter, as shown in Figure 2-11. In addition to the logical network adapter, a physical network

adapter is required. During the actual packet capture, select a correct physical network adapter, especially for a host with multiple network adapters. A physical network adapter will be displayed in the drop-down list box only after the WinPcap is installed. The network adapter in this example is only a logical network adapter, not the physical network adapter for capturing packets.

− Capture Filter

Specifies the filter criteria. The Wireshark captures only the packets that comply with the filter criteria. For example, if Capture Filter is set to host 10.138.5.10, only packets sent and received by the host whose IP address is 10.138.5.10 will be captured.

(27)

22 Table 2-3 describes the filter criteria categories specified by Capture Filter.

Table 2-3 Filter criteria categories specified by Capture Filter

Filter Criteria Category Example

Capture the packets passing through the MAC address 08:00:08:15:ca:fe

ether host 08:00:08:15:ca:fe

Capture the packets passing through the IP address 192.168.0.10

host 192.168.0.10

Capture the packets passing through the TCP port 80

tcp port 80

Capture the packets sent and received by the IP address 192.168.0.10, excluding the HTTP packets (packets passing through the TCP port 80)

host 192.168.0.10 and not tcp port 80

 Capture File(s)

Specifies the path for automatically saving the captured packets as files. Ensure that the destination hard disk has sufficient free space.

 _{Display Options}

Specifies whether to display the real-time capture results during the packet capture.

− Select Update list of packets in real time. The packet list is displayed on the Wireshark main page.

− Select Automatic scrolling in live capture. If the captured results exceed one screen, the results are displayed in automatic scrolling mode.

− Deselect Hide capture info dialog. The Captured Packets page shown in Figure 2-12 is displayed during the packet capture, with the real-time information about the numbers of captured packets of various protocols.

(28)

23 Figure 2-12 Captured Packets page

Step 3 Click Start.

The Wireshark starts to capture packets. The ARP.cap - Wireshark page is displayed, as shown in Figure 2-13.

(29)

24 Step 4 Recur the fault.

Step 5 Choose Capture > Stop.

The Wireshark stops capturing packets. Step 6 Choose File > Save As.

The Wireshark: Save file as page is displayed. Name the file and set the save path as prompted.

Step 7 Click OK.

The captured results are saved.

Step 8 Choose File > Quit to exit the Wireshark. ----End

Filter Rules for the Captured Package Information

The Wireshark uses simple expressions to implement the powerful filtering function. A user can specify the source IP address, destination IP address, and packet field contained in a protocol or packet, or combine any of the preceding filter criteria. The Wireshark supports various logical operations, such as ==, !=, >, <, and, or.

Different from Capture Filter under the Option submenu of Capture, the filter rule specifies the packet capture results that are displayed, as shown in Figure 2-14.

Figure 2-14 Displaying packets transmitted using GTP

1.Filter Expression Rules

Comparison Symbols

The Wireshark can use comparison symbols (English words or operators) to form filter expressions. Table 2-4 describes the comparison symbols used in filter expressions.

(30)

25 Table 2-4 Comparison symbols used in filter expressions

English Operator Description and Setting

eq == Equal to ip.addr==10.138.21.5 ip.addr eq 10.138.21.5 ne != Not equal to !(ip.addr == 10.138.21.5) !(ip.addr eq 10.138.21.5) gt > Greater than frame.pkt_len > 10 frame.pkt_len gt 10 lt < Smaller than frame.pkt_len < 128 frame.pkt_len lt 128

ge >= Equal to or greater than

frame.pkt_len >= 0x100 frame.pkt_len ge 0x100

le <= Smaller than or equal to

frame.pkt_len <= 0x20 frame.pkt_len le 0x20

Logical Operators

The Wireshark can use logical operators to combine multiple filter expressions. For example, if you want to filter out packets that are transmitted using the GPRS tunneling protocol (GTP) and through the IP address 10.138.21.5, use the filter expression gtp &&

ip.addr==10.138.21.5. Table 2-5 describes the logical operators used in filter expressions. Table 2-5 Logical operators used in filter expressions

English Operator Description and Setting

and && And

ip.addr==10.0.0.5 and tcp.flags.fin or || Or ip.addr==10.0.0.5 or ip.addr==192.1.1.1 not ! Not not llc

(31)

26

Setting Protocol Fields

To set the protocol fields, proceed as follows: 1. Set filter criteria.

− Enter the protocol fields in the Filter text box.

For example, if you want to filter out TCP packets that are transmitted through port 1022, enter tcp.port==1022, as shown in Figure 2-15.

Figure 2-15 Protocol field example

− Customize filter expressions. a. Click Expression next to Filter.

The Wireshark: Filter Expression dialog box is displayed, as shown in Figure 2-16. Figure 2-16 Wireshark: Filter Expression dialog box

b. Select a field, select a relation, and then enter a value in the Value (IPv4 address) test box, as shown in Figure 2-16.

(32)

27 c. Click OK.

Check whether a filter expression is correct.

− If the filter expression is correct, the background color of the Filter text box is green, as shown in Figure 2-17.

Figure 2-17 Displayed Filter text box if the filter expression is correct

− If the filter expression is incorrect, the background color of the Filter text box is dark pink, as shown in Figure 2-18.

Figure 2-18 Displayed Filter text box if the filter expression is incorrect

2. Press Enter or click Apply.

The packets that meet the filter criteria are displayed.

Common Filter Expressions

Common filter expressions used to filter out packets are as follows:

 Filter expressions that specify protocols

− ip − icmp − tcp − gtp − gre − http

 _{Filter expressions that specify addresses} − IP address ip.addr==10.161.225.1 − Source IP address ip.src==10.161.225.1 − Destination IP address ip.dst==10.161.225.1

(33)

28

− Source Media Access Control (MAC) address eth.src == 00:e0:fc:44:5e:a1

− Source User Datagram Protocol (UDP) port udp.srcport == 2123

 _{Filter expressions that specify fields (message types)} − GTP Echo Request messages

gtp.message == 0x01

− Remote authentication dial-in user service (RADIUS) accounting request or response messages

radius.code == 4 || radius.code == 5

Filtering Segment Packets

Use the filter criteria !(ip.frag_offset == 0) to check whether segment packets exist.

Choose Analyze > Expert Info. If TCP Bad checksum is displayed, segment packets may exist, as shown in Figure 2-19. The Wireshark does not combine segment packets or verify that Checksum is correct. Therefore, Bad checksum is displayed.

Figure 2-19 Suspicious packets displayed on the Expert Infos page

The Ethernet allows a maximum data frame length of 1,500 bytes and the IEEE 802.3 allows a

maximum data frame length of 1492 bytes. Maximum data frame length at the link layer is called a Max Transfer Unit (MTU). Most networks have an MTU. If a packet sent from the IP layer is greater in size than the MTU at the link layer, the packet must be divided into fragments whose sizes are smaller than the MTU.

2.Filter Expression Construction Tips

(34)

29 1. Expand the message parsing contents.

2. Right-click a field, and then choose Apply as Filter > Selected.

The field is set as a filter criterion and displayed in the Filter text box, and the corresponding data packets are displayed based on this expression, as shown in Figure 2-20.

Figure 2-20 Setting a field as a filter criterion and starting the filtering immediately

The differences between the Prepare a Filter menu and the Apply as Filter menu are as follows:

− After you choose Apply as Filter > Selected, the selected field is set as the filter criterion directly and the data packets that meet the filter criterion are displayed immediately.

− After you choose Prepare a Filter > Selected, the selected field is displayed in the Filter text box but no filter is performed. You can modify the filter criterion as required. After you click Apply, data packets that meet the filter criterion are displayed, as shown in Figure 2-21.

(35)

30 Figure 2-21 Preparing to set a field as a filter criterion

Typical Scenario

1.SIP Protocol Analysis

This topic describes how to use the Wireshark to analyze SIP signaling.

After starting the Wireshark, enter sip in the Filter text box. Then all SIP signaling that passes through the network adapter is filtered out.

Information in the Captured Packet List Window

Figure 2-22 shows the information in the captured packet list window.

 _{Source address from which a signaling record is sent}

IP address of the host that sends the signaling record

 _{Destination address to which a signaling record is sent}  _{Basic information about a signaling record}

Whether the signaling is a request or a status message. Figure 2-22 Information in the captured packet list window

After a signaling record is selected, the protocol layer information about the signaling record is displayed in the protocol layer description window.

(36)

31

Information in the Protocol Layer Description Window

Pay attention to the information at the application layer.

 _{Physical layer}

The first layer in the protocol layer description window is the physical layer, which contains Frame Number and Packet Length, as shown in Figure 2-23.

Figure 2-23 Physical layer of the SIP protocol

 _{Data link layer}

The second layer in the protocol layer description window is the data link layer, which contains the MAC address of the sender (Source), MAC address of the receiver (Destination), and packet type (Type), as shown in Figure 2-24.

At the data link layer, ensure that the MAC addresses are correct. If the MAC addresses are incorrect, the network device cannot send the packet to the expected destination address.

Figure 2-24 Data link layer of the SIP protocol

(37)

32 The third layer in the protocol layer description window is the network layer, which contains the source IP address (Source), destination IP address (Destination), packet length (Total length), and checksum (Header checksum), as shown in Figure 2-25. Figure 2-25 Network layer of the SIP protocol

At the network layer, check whether:

− The source IP address and destination address are correct.

− The length of a packet exceeds the maximum length allowed by a certain device.

 Transport control layer

The fourth layer in the protocol layer description window is the transport control layer, which contains Source port, Destination port, packet length (Length), and Checksum, as shown in Figure 2-26.

Figure 2-26 Transport control layer of the SIP protocol

At the transport control layer, check whether:

− The destination port is correct.

− The application process port is correct.

(38)

33 The network adapters of certain devices may calculate the checksum of the User Datagram Protocol (UDP) layer. If the checksum is incorrect, the network adapter of the device may discard the packet.

 Application layer

The fifth layer in the protocol layer description window is the application layer, which contains the SIP protocol details.

The signaling record consists of Request-Line and Message Header. If a message includes a message body, Message Body is also included, as shown in Figure 2-27. Figure 2-27 Request messages at the application layer of the SIP protocol

The message header information can be used to locate faults, as shown in Figure 2-28. Figure 2-28 Message header information

In the message header, pay attention to the following information:

(39)

34 Unique identifier of a group of messages. The requests and responses of a UA in a session share the same Call-ID. Therefore, you can obtain the information about the requests and responses of a session by querying the Call-ID.

Right-click a Call-ID to be queried, and then choose Apply as Filter > Selected, as shown in Figure 2-29.

Figure 2-29 Filtering a Call-ID out

Then the signaling records that share the same Call-ID are displayed in the captured packet list window. The Call-ID that is filtered out is displayed in the Filter text box on the toolbar, as shown in Figure 2-30.

Figure 2-30 Value of Filter on the toolbar

− From

Source address of the request.

− To

Logical receiver of the request.

− User-Agent

Information about the User Agent Client (UAC) that initiates the request.

If the value of User-Agent is Conf-serv/3GPP, the request is initiated by a personal computer (PC).

Common Tips

(40)

35 The absolute time generated after the gateway GPRS support node (GGSN) users use the tmf2cap to convert .tmf files to .cap files may be incorrect. You can use the relative time to view the packet delay information.

Generally, data packets are displayed by relative time in the program, which is the interval between a subsequent packet and the initial packet.

You can choose View > Time Display Format to change the time display mode. The Time Display Format menu contains four options, as shown in Figure 2-31.

 _{Time of Day: for example, 18:23:01.852876.}  _{Date and Time of a Day}

 Seconds Since Beginning of Capture

 _{Seconds Since Previous Captured Packet, which is used for viewing the time delay}

between packets.

Figure 2-31 Changing the time display mode

Loading the Custom Format Library

You can download or customize a format library for an application protocol that cannot be parsed by the Wireshark, and then load the format library to the Wireshark. Then the Wireshark can parse the application protocol, as shown in Figure 2-32.

For example, after you decompress the libxml2.rar file and copy the .dll file in the decompressed directory to the Wireshark installation directory, the Wireshark can parse the diameter protocol. The default Wireshark installation path is C:\Program Files\Wireshark.

(41)

36 Figure 2-32 Parsed diameter protocol after the diameter format library is loaded

Customizing the Non-Standard Port Applications

The Wireshark cannot identify the type of an application protocol that uses a non-standard port. Users can customize a protocol for parsing the non-standard port application protocol. 1. If the HTTP application has been enabled on port 1031 in an office, select the data

packet on port 1031.

2. Choose Analyze > Decode As, as shown in Figure 2-33. Figure 2-33 Decode As menu

(42)

37 You must choose Analyze > Decode As and select a protocol each time when you start the Wireshark to parse a non-standard port application protocol.

3. Select an application protocol, and then click Apply, as shown in Figure 2-34. Figure 2-34 Customizing a protocol for parsing the non-standard port application protocol

4. Click OK.

Splitting and Merging Result Files

1. Split a result file.

Choose File > save as, and then split a result file, as shown in Figure 2-35.

− Use the filter to display the information that you want to save as files separately, and then click displayed in the Packet Range area.

− Click Range, and then enter a number range, for example 1-1038. Then packets numbered from 1 to 1038 are saved as a file.

(43)

38 Figure 2-35 Save file as dialog box

2. Merge a result file. Choose File > Merge.

The system prompts you to save the result file before merging it.

− Enter the name of the result file to be merged, and then click Save.

− Select the file to which you will merge the result file, and then click Open.

Displaying Traffic Waveform Chart

The Wireshark can generate traffic waveform charts based on the captured data packets. You can set filter criteria to display the waveform charts of certain protocol traffic or user traffic in a certain period.

Choose Statistics > IO Graphic. The Wap service.cap dialog box is displayed, as shown in Figure 2-36.

(44)

39 Figure 2-36 Wap service.cap dialog box

By default, all traffic waveform charts are displayed. After you set the filter criteria in the filter, only traffic waveform charts that meet the filter criteria are displayed.

Calculating the Packet Traffic

The following describes the common method for calculating the packet traffic.

When receiving a request for calculating the packet traffic, you must verify that the extended field statistics in the Call Detail Records (CDRs) are correct.

 _{Choose Statistics > Conversations in the Wireshark.}

The Conversations page is displayed, as shown in Figure 2-37. Figure 2-37 Conversations page

(45)

40 In the basic packet information, such as all types of packets generate d during mobile phone conversions, the TCP and UDP tab pages are displayed. On the TCP tab page, the following columns are included: Address A, Port A, Address B, Port B, Bytes, Bytes A->B, and Bytes A<-B.

On the TCP and UDP tab pages shown in Figure 2-37, packets that have same address but different port numbers are displayed in different columns but are calculated together.

 _{Choose Statistics > Summary to calculate the total packet bytes. Before calculating the}

total packet bytes, ensure that the filter criteria are set.

After the preceding packet length is calculated, subtract 14 bytes (layer 2 information) and packet encapsulation added to the original packets by GGSN or Serving GPRS Support Node (SGSN), such as generic routing encapsulation (GRE) or GPRS tunneling protocol (GTP) encapsulation. The various encapsulation lengths are as follows:

− GTP V0 header 20 bytes

GTP V1 header: The fixed part is 8 bytes and the common part is 12 bytes.

− UDP header 8 bytes − IP header 20 bytes − GRE header 4 bytes

The window for parsing packets in the Wireshark includes:

 Upper part: area for obtaining packet serial numbers

 _{Middle part: area for parsing the selected packet}

 _{Lower part: area for displaying the original code streams for the selected packet}

In the Wireshark, you can enter filter criteria in the Filter text box shown in Figure 2-38; the packets that meet the filter criteria are displayed.

For example, to query the packets that are sent from or to the IP address 10.0.0.1, enter ip.addr==10.0.0.1 in the Filter text box, and then click Apply. The packets that are sent from or to the IP address 10.0.0.1 are displayed, as shown Figure 2-38.

(46)

41 Figure 2-38 Filtering out the captured packets

Using the RTP to Analyze 2833 Packets

To use the RTP to analyze 2833 packets, proceed as follows:

1. Use the Wireshark to open the bearer network port captured file in .pcap or .cap format. 2. Enter (rtp) && (rtp.p_type > 34) or rtpevent in the Filter text box.

3. Press Enter.

All files that are transferred using RFC 2833 in the captured information are filtered out, as shown in Figure 2-39.

(47)

42 Figure 2-39 RTP information

2833 packets use the sampling mode to send a number for multiple times. Numbers are separated by RTP packets whose Event is TRUE, as shown in Figure 2-40. The procedure for sending the number 6 is used as an example.

− The message "End of Event: False" in the packet parsing area indicates that the number 6 has not been sent completely.

(48)

43 Figure 2-40 Message "End of Event: False"

− The message "End of Event: True" in the packet parsing area indicates that the number 6 has been sent to the media stream. Then the number collection process is complete.

(49)

44 Figure 2-41 Message "End of Event: True"

To convert the captured UDP packets to RTP packets, go to 4. 4. Right-click a signaling record in the UDP column.

A shortcut menu is displayed, as shown in Figure 2-42. Figure 2-42 Displayed shortcut menu

(50)

45 5. Choose Decode As.

The Decode As dialog box is displayed, as shown in Figure 2-43. Figure 2-43 Decode As dialog box

6. Select RTP on the right pane. 7. Click OK.

A page shown in Figure 2-44 is displayed. The captured UDP packets have been converted to RTP packets. Then perform 1 through 3 to verify that the packet information has been transmitted to the media stream.

(51)

46 Figure 2-44 Converting UDP packets to RTP packets

2.6 Log Collection

Each UC component provides the log function to record system operation and running information, including fault information.

2.6.1 UC Log Files

This topic describes log files of each component in the UC solution. Table 2-6 UC log files

NE Log File Path Description

BMU (for Windows) bmu.log bmu.log.* (* indicates a number) Installation directory\eSpace_UC\eSpac e_UC_Server\Logs\BMU

Records the BMU running status. The current log file is named bmu.log, and the files generated before the current file are named bmu.log.*, whose maximum size is 10 MB.

Obtain one or two log files generated when a fault occurs, for example, bmu.log and bmu.log.1.

(52)

47

BMU_error.log Installation

directory\eSpace_UC\eSpac e_UC_Server\Logs\BMU

Records the exception information that is not captured during BMU running.

winMax.log Installation

directory\eSpace_UC\eSpac e_UC_Server\Logs\BMU

Records information about the connection between the BMU and the winMax charging system.

eaus.log Installation

directory\eSpace_UC\eSpac e_UC_Server\Server\logfile \updateServer

Records the running status of the client upgrade server. BMU (for Linux) bmu.log bmu.log.* (* indicates a number) Installation directory/eSpace_UC/eSpac e_UC_Server/Logs/BMU

Records the BMU running status. The current log file is named bmu.log, and the files generated before the current file are named bmu.log.*, whose maximum size is 10 MB.

Obtain one or two log files generated when a fault occurs, for example, bmu.log and bmu.log.1.

BMU_error.log Installation

directory/eSpace_UC/eSpac e_UC_Server/Logs/BMU

Records the exception information that is not captured during BMU running.

winMax.log Installation

Records information about the connection between the BMU and the winMax charging system.

eAUS.log Installation

Records the running status of the client upgrade server. eServer(for Windows) eMonitor.log Installation directory\eSpace_UC\eSpac e_UC_Server\Logs\Monitor Tool

Records the running status of eMonitor components. imGserver.debug imGserver.log Installation directory\eSpace_UC\eSpac e_UC_Server\Logs\eServer

Records the running status of the IMGServer.

(53)

48

Imserver.debug Imserver.log

Installation

directory\eSpace_UC\eSpac e_UC_Server\Logs\eServer

Records the running status of the IMServer.

eServer(for Linux) eMonitor.log Installation directory/eSpace_UC/eSpac e_UC_Server/Logs/Monitor Tool

Records the running status of eMonitor components. imGserver.debug imGserver.log Installation directoryeSpace_UC/eSpac e_UC_Server/Logs/eServer

Records the running status of the IMGServer.

Imserver.debug Imserver.log

Installation

directory/eSpace_UC/eSpac e_UC_Server/Logs/eServer

Records the running status of the IMServer.

MAA (for Windows) MBServer.log Installation directory\eSpace_UC\eSpac e_UC_Server\Server\MAA\ webapps\MBServer\logs

Records logs during MAA running. MAA (for Linux) MBServer.log Installation directory/eSpace_UC/eSpac e_UC_Server/Logs/MAA

Records logs during MAA running.

CDRServer BILLLog_0.txt Installation

directory\eSpace_UC\eSpac e_CDR\CDRServer\CDRSe rverlog

Records the running status of the Bill process.

FTPLog_0.txt Installation

Records the running status of the FTP process. MonitorLog_0.txt Installation directory\eSpace_UC\eSpac e_CDR\CDRServer\CDRSe rverlog

Records the running status of the Monitor Console.

mmlLog_0.txt Installation

Records the running status of the MML process. eSpace Meeting server mcms_0104_*.lo g (* indicates a number) Installation directory\eSpace_UC\eSpac e_Meeting\log

Records the running status of the eSpace Meeting server. eSpace Meeting client mcstub_*1.log (* indicates a number)

Path of client logs for eSpace Meetings that are accessed from the eSpace client:

Installation

directory\eSpace_UC\Enter

Records the running status of the eSpace Meeting client.

(54)

49

prise_UC\cwbin\trace Path of client logs for eSpace Meetings that are accessed from Internet Explorer:

Installation

directory\program data folder of the current system user\CenWave\trace On the Windows XP operating system, the default value of program data folder of the current system user for

administrator login is as follows: C:\Documents and Settings\administrator\Appl ication Data\ On the Windows 7 operating system, the default value of program data folder of the current system user for

administrator login is as follows:

C:\Users\administrator\App Data\Local\Temp\

Records the running status of the eSpace Meeting client. Console server CTISRVLog.txt Installation directory\eSpace_UC\eSpac e_Console\Console_Server\ log

Records Console server operation and service information. CTIServerLog.lo g Installation directory\eSpace_UC\eSpac e_Console\Console_Server\ log Records commissioning information.

All files in the fr_exception directory Installation directory\eSpace_UC\eSpac e_Console\Console_Server\ fr_exception

Records system fault information.

Softconsole All.log Installation

directory\eSpace_UC\eSpac e_Console\Soft_Console\Lo g

Records Softconsole operation and service information.

sipx.log Installation

directory\eSpace_UC\eSpac e_Console\Soft_Console\Lo

Records information related to the SIP protocol.

(55)

50

g eDirectory N/A

OpenLDAP N/A

2.6.2 Log Collection Methods

This topic describes the log collection methods of components in eSpace UC solution.

Component Log Collection Method

BMU Copy log files from the path specified in Table 2-6 in 2.6.1 UC Log Files. eSpace To obtain eSpace client logs, use the debughelp.bat tool. For details, see

2.3 Fault Information Collection on the eSpace Client.

To obtain eSpace server logs, copy the imGserver.debug, imGserver.log, Imserver.debug, and Imserver.log files from the paths specified in Table 2-6 in 2.6.1 UC Log Files.

MAA server Copy log files from the path specified in Table 2-6 in 2.6.1 UC Log Files. eSpace

Meeting server and client

Copy log files from the path specified in Table 2-6 in 2.6.1 UC Log Files.

UMS server Log in to the UMS web management page, and choose UMS > System Log Management from the navigation tree on the left.

CDRServer Copy log files from the path specified in Table 2-6 in 2.6.1 UC Log Files. Console

system

Copy log files from the path specified in Table 2-6 in 2.6.1 UC Log Files.

Unified Gateway

Use the UCMaint tool to collect Unified Gateway logs.

For details, see Fault Management > Troubleshooting > Common Methods for Locating Faults > Log Analysis in the Unified Gateway VoIP Integrated Exchange Product Documentation.

IAD The IAD reports logs to the log server, enabling users to view the logs on the log server.

For details, see Maintenance > Security Maintenance > Application Layer Security > Passwords of the Accounts at the Application Layer > Checking IAD Logs in the IAD Product Documentation of the IAD in the corresponding model.

IP Phone The IP phone reports logs to the log server, enabling users to view the logs on the log server.

For details, see Troubleshooting > Methods of Locating Faults > Displaying Debugging Logs in the Administrator Guide of the IP phone in the corresponding model.

espace UC V100R002C01SPC100 Troubleshooting Guide HUAWEI TECHNOLOGIES CO., LTD. Issue 02 Date

eSpace UC

V100R002C01SPC100

Troubleshooting Guide

Huawei Technologies Co., Ltd.

Contents

1 Troubleshooting Overview ... 1

2 Fault Information Collection ... 7

3 Fault Locating Methods ... 57

4 Login Faults ... 75

5 eSpace Service Usage Faults ... 82

6 License Faults ... 97

7 Conference Service Faults... 101

8 Console System Service Faults ... 104

9 CDR Faults ... 107

1

Troubleshooting Overview

About This Chapter

1.1 Fault Levels

1.2 Precautions

1.3 Requirements for Maintenance Personnel

1.4 Overall Troubleshooting Process

1.4.1 Overall Troubleshooting Flowchart

1.4.2 Collecting Fault Scenario Information

1.4.3 Evaluating a Fault

1.4.4 Locating and Rectifying the Fault

Locating the Fault

Collecting Fault Information

Rectifying the Fault

1.4.5 Verifying That the Fault Is Rectified

1.4.6 Generating a Troubleshooting Report

1.4.7 Seeking Help from Huawei

1.5 Huawei Technical Support

2

Fault Information Collection

About This Chapter

2.1 Check Items for Fault Information Collection

2.2 Operation Procedure Information Collection

2.3 Fault Information Collection on the eSpace Client

Procedure

2.4 Signaling Tracing

Prerequisites

Context

Procedure

Follow-up Procedure

2.5 Packet Capture

2.5.1 Cyclic Packet Capture

Step 1 for Cyclic Packet Capture: Start Cyclic Packet Capture

Step 2 for Cyclic Packet Capture: Stop Packet Capture

Step 3 for Cyclic Packet Capture: Filter and Recombine Packets

2.5.2 Remote Packet Capture

Context

Procedure

2.5.3 Wireshark

Tool Introduction

Obtaining Method

User

Function

Function Description

Common Operations and Menus

1.Wireshark Main Page

Menu Pane

Shortcut Button Pane

Filter Pane

Packet List Pane

Packet Details Pane

Packet Bytes Pane

2.Common Operations

Context

Procedure

Filter Rules for the Captured Package Information

1.Filter Expression Rules

Comparison Symbols

Logical Operators

Setting Protocol Fields

Common Filter Expressions

Filtering Segment Packets

2.Filter Expression Construction Tips

Typical Scenario

1.SIP Protocol Analysis