Wire Shark Ethereal Traces

Care – Radio Access

NSN - India

For Internal use

1 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Scope
This document is to help Operations team in
troubleshooting Gb or GPRS related issues.

To troubleshoot issues with Gb over IP or PCU

pooling, it is not possible to analyze with help of
commands or logs only. Additional information is
needed in form of message flow, and we require
some packet analyzer to study such messages.

Wireshark is software that "understands" the

structure of different networking protocols. Thus,
it is able to display the encapsulation and the
fields along with their meanings of different
packets specified by different networking
protocols.

For Internal use

2 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Brief Details

Wire shark is a free and open source packet analyzer. It is used for network
troubleshooting, analysis, software and communication protocol development.

Originally named Ethereal, in May 2006 the project was renamed Wire shark due to
trademark issues.

This very powerful tool provides network and upper layer protocols informations about data
captured in a network.

The Wireshark strength comes from:

- its easiness to install.
- the simplicity of use of its GUI interface.
- the very high number of functionality available.

Wireshark uses pcap to capture packets, so it can only capture the packets on the types of
networks that pcap supports.

For Internal use

3 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Software
Wireshark Can be downloaded from
http://www.wireshark.org/download.html

Analyzing of Wireshark Documentation available from

http://openmaniak.com/wireshark.php

Alternatively HELP section will also provide protocol details

(refer to snapshot below)

For Internal use

4 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Important Point
Multiple Files need to be captured
• Idle duration is 30 Minutes
• Easy to analyze and share trace file

Go to Capture  Options  Select Network Adapter  Tick Multiple files

and specify Time duration  Browse for location to save Trace files

Please refer to snapshot in next slide with details

For Internal use
5 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
For Internal use
6 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Method for capturing Ethereal Traces
1. Hub Method
– Need to have a HUB
– Local BSS Engineer required
– Transmission break to connect the HUB.
(In simple Gb over IP, other NSEI will also go down)

For Internal use

7 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
2. ESB Mirror Port Method

This method utilizes “ Port mirroring “ to make direct copy of all the traffic from one
ESB port to another.

– No need to have a HUB

– Eliminates transmission break
– Need Local engineer to present physically at site

To configure the ESB card, we need to modify the ESB configuration as

mentioned below

A. Configure the laptop port (unused port) to monitor the active port ( connected to SGSN
carrying traffic)

Log into ESB card using a serial connection (SER port)

 Enter password and go to privileged mode by typing “ en "

 Go to configure mode by typing “ configure terminal "

 Go to the laptop port configuration (1/1/2) by typing “ interface 1/1/2 "

 Enable the mirroring of active port (1/1/1) using command “ port monitor 1/1/1 "

For Internal use

8 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
B. Collecting Wire shark traces from port 1/1/2 (ETH2)

 Connect laptop/ windows machine to port-2 of ESB using Ethernet straight cable.

 Give any free IP address to laptop in same subnet as BSC

 Start monitoring the IP logs at laptop using Wireshark.

Sample configuration logs attached

as 1st Sample.

Note

• Do not forget to revert settings on sniffer port after capturing traces.

• Monitor the port on ESB where Cable coming from SGSN carrying Gb traffic is terminated.

• Only use any unused port as SNIFFER port.

For Internal use

9 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
3. L3 Switch/Router Mirror Port Method

This method utilizes “ port mirroring ” to make direct copy of all the traffic
from L3 switch / Node switch.

– No need to have a HUB

– Eliminates transmission break
– No need to have Local engineer to present physically at site
– Expedite response from Circle Team
(help mainly in outages and critical issues affecting all BSC)

This method is recommended to be deployed in Network for early resolution.

Note

• No need to revert settings on sniffer port.

• Can be easily configured / modified for all BSC/clusters.

• One unused port need to be reserved, which will be configured as “ Sniffer port” as per
requirement.

For Internal use

10 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
Sample Configuration from Cisco Switch

interface GigabitEthernet1/0/18
description "Connected to NIMTOURI-ALONE"
switchport access vlan 518
switchport mode access
storm-control broadcast level 0.10
no cdp enable
spanning-tree portfast
spanning-tree bpdufilter enable
!
interface GigabitEthernet1/0/20
no cdp enable
monitor session 1 source interface Gi1/0/18
monitor session 1 destination interface Gi1/0/20

Sample configuration logs attached

as 2nd Sample.

For Internal use

11 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10
 Thank you

Navit Sethi
Radio Access
Care Competence Stream
Nokia Siemens Networks India

I For Internal use

12 © Nokia Siemens Networks Wire Shark v.2 / Navit Sethi / 02.06.10