You are on page 1of 4

bu tcpdump komutu ile bir BSC’ye dump almak en iyisi gibi.

Bu komut sabah çalıştırılabilir, sonra da kill


ile istediğin zaman kapatabilirsin.

#nohup tcpdump –host <IPADRESIBSC> -i bond0 -n -s0 –w /packages/dump/ring.pcap -W 10 -C


150 -Z root "tcp" > /dev/null &

Please try below tcpdump command capture resume process packets, you have to run this
command before issue resume directive,
# tcpdump -s 0 -vvv -XX -w /tmp/output.pcap host <EMS IP_address>

Collect tcpdump at q3user node when problematic BSC(BKSTK02 BSC) transfer file to NetAct. (tcp
102 portunu dinliyor)
# tcpdump tcp port 102 -s 0 -w <target_file.pcap> -- for utstcp (tp0)

# tcpdump -v dst port 162


(This command shows what is being sent on port 162)

Collect tcpdump:
tcpdump 'host 10.236.221.68' -s 0 -w /home/omc/xxxxx.pcap
------------------
aveanmsb:~ # tcpdump -v port 6803
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:54:10.188563 IP (tos 0x0, ttl 64, id 48911, offset 0, flags [DF], proto TCP (6), length 67)
aveanmsb.site.pfm-export > 10.19.42.13.59640: P, cksum 0x6d9d (incorrect (-> 0x6fa7),
380776769:380776796(27) ack 2074641058 win 115
16:54:10.261569 IP (tos 0x0, ttl 62, id 21570, offset 0, flags [DF], proto TCP (6), length 40)
10.19.42.13.59640 > aveanmsb.site.pfm-export: ., cksum 0x7887 (correct), ack 27 win 32768
16:55:01.002523 IP (tos 0x0, ttl 64, id 48912, offset 0, flags [DF], proto TCP (6), length 334)
aveanmsb.site.pfm-export > 10.19.42.13.59640: P 27:321(294) ack 1 win 115
16:55:01.072613 IP (tos 0x0, ttl 62, id 21571, offset 0, flags [DF], proto TCP (6), length 40)
10.19.42.13.59640 > aveanmsb.site.pfm-export: ., cksum 0x7761 (correct), ack 321 win 32768
16:55:01.072652 IP (tos 0x0, ttl 64, id 48913, offset 0, flags [DF], proto TCP (6), length 1216)
aveanmsb.site.pfm-export > 10.19.42.13.59640: P 321:1497(1176) ack 1 win 115

nohup tcpdump -w SOEM.pcap src 10.19.40.20 &

(10.19.40.20 source’dan gelenleri trace et)


-----------------------------------------------------------

Can you please trigger the RNC-316 integration data upload again and capture the below logs from
OMS.
1. Wires shark traces using command “/usr/sbin/tcpdump -i bond0 -s 65535 -w
goms_tcp.pcap”
2. Trigger the integration data upload from OSS.

------------------------------------------------------------------------------------

mkdir /packages/NA05064957/
tcpdump -i bond0 -n -s0 -w /packages/NA05064957/adu1.pcap host 10.228.5.12 or udp port 162 or udp port 161
or icmp

run alarm DB Upload for CMS network element. After it finishes - please close above tcpdump instance.

Gerekli kontroller yapılmış ve bir probleme rastlanılmamıştır.

root@ist-tah-pbn-col-002:~# sudo ethtool eth4


Settings for eth4:
Supported ports: [ FIBRE ]
Supported link modes: 1000baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes: 1000baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Speed: 1000Mb/s
Duplex: Full
Port: FIBRE
PHYAD: 0
Transceiver: external
Auto-negotiation: on
Supports Wake-on: d
Wake-on: d
Current message level: 0x00000007 (7)
drv probe link
Link detected: yes

root@ist-tah-pbn-col-002:~# sudo tcpdump -nvi eth4 -c1 port 1813


tcpdump: listening on eth4, link-type EN10MB (Ethernet), capture size 262144 bytes
02:25:56.452984 IP (tos 0x0, ttl 59, id 21449, offset 0, flags [none], proto UDP (17), length 466)
10.212.136.9.49485 > 10.240.110.94.1813: RADIUS, length: 438
Accounting Request (4), id: 0x2a, Authenticator: aad7b6a0e0bfa32b7c4913cccb909fed
NAS IP Address Attribute (4), length: 6, Value: 10.212.136.9
NAS ID Attribute (32), length: 12, Value: GGSNTAHE01
Called Station Attribute (30), length: 10, Value: internet
Framed Protocol Attribute (7), length: 6, Value: #7
Service Type Attribute (6), length: 6, Value: Framed
NAS Port Type Attribute (61), length: 6, Value: Virtual
NAS Port Attribute (5), length: 6, Value: 132639104
Calling Station Attribute (31), length: 14, Value: 905537451982
Accounting Status Attribute (40), length: 6, Value: Start
Framed IP Address Attribute (8), length: 6, Value: 10.176.25.7
Accounting Session ID Attribute (44), length: 18, Value: B904447A3AE48E2D
Class Attribute (25), length: 67, Value: SBR2CL.........▒.▒..▒.....▒.▒........▒..........▒...........▒....
Username Attribute (1), length: 6, Value: AVEA
Accounting Session Time Attribute (46), length: 6, Value: 00 secs
Event Timestamp Attribute (55), length: 6, Value: Tue Feb 7 02:25:56 2017
Accounting Authentication Attribute (45), length: 6, Value: RADIUS
Accounting Delay Attribute (41), length: 6, Value: 00 secs
Vendor Specific Attribute (26), length: 23, Value: Vendor: 3GPP (10415)
Vendor Attribute: 1, Length: 15, Value: 286039500003098
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 2, Length: 4, Value: :..-
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 3, Length: 4, Value: ....
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 4, Length: 4, Value: ....
Vendor Specific Attribute (26), length: 31, Value: Vendor: 3GPP (10415)
Vendor Attribute: 5, Length: 23, Value: 08-4d08000021c000014820
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 6, Length: 4, Value: .)..
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 7, Length: 4, Value: ..Dz
Vendor Specific Attribute (26), length: 9, Value: Vendor: 3GPP (10415)
Vendor Attribute: 10, Length: 1, Value: 5
Vendor Specific Attribute (26), length: 9, Value: Vendor: 3GPP (10415)
Vendor Attribute: 12, Length: 1, Value: 0
Vendor Specific Attribute (26), length: 12, Value: Vendor: 3GPP (10415)
Vendor Attribute: 13, Length: 4, Value: 0100
Vendor Specific Attribute (26), length: 13, Value: Vendor: 3GPP (10415)
Vendor Attribute: 18, Length: 5, Value: 28603
Vendor Specific Attribute (26), length: 24, Value: Vendor: 3GPP (10415)
Vendor Attribute: 20, Length: 16, Value: 3540720615518701
Vendor Specific Attribute (26), length: 9, Value: Vendor: 3GPP (10415)
Vendor Attribute: 21, Length: 1, Value: .
Vendor Specific Attribute (26), length: 16, Value: Vendor: 3GPP (10415)
Vendor Attribute: 22, Length: 8, Value: ...0....
Vendor Specific Attribute (26), length: 10, Value: Vendor: 3GPP (10415)
Vendor Attribute: 23, Length: 2, Value: !.
Vendor Specific Attribute (26), length: 9, Value: Vendor: 3GPP (10415)
Vendor Attribute: 26, Length: 1, Value: .
1 packet captured
36 packets received by filter
0 packets dropped by kernel
root@ist-tah-pbn-col-002:~#

A. Start the tcp dump command as below.


tcpdump -s 8096 -v -w tcp_snmp_SOM.dump host <SOMIP> and port 161 &

B. Execute the snmpTrial.sh with increased time out period and debug enabled , the command
is as below.
snmpbulkget -v2c -c public -t90 -d -Cn0 -Cr${i} $SOM
C. Once the snmp is executed, kill the tcp collection process as below.
ps -ef | grep tcp
This will list the processes with tcp. Kill the process associsated with "tcpdump -s 8096 -v
-w" . And provide me with the collected tcpdump file.

# tcpdump -vvv -i any | grep 10.19.42.13


tcpdump: WARNING: Promiscuous mode not supported on the "any" device
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
13:39:21.628570 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: UDP (17), length: 486)
somsrv02.site.32907 > 10.19.42.13.snmptrap: { SNMPv1 { Trap(439) E:193.27 10.19.40.20
enterpriseSpecific s=3 1525856 [|snmp] }