Traffic collector manual
The signaling collector gathers SIP/H.323 logs in real time and let you view their contents and Call flows.
Overview
The Signaling collector gathers, stores and conveniently displays SIP and H.323 messages sent and received via the predefined ports of your network.
There are several ways for accessing this feature:
There are several ways for accessing this feature:
- through CDRs (see CDR pop-up menu) which frees you from entering Call ID manually, and lets you see call flow for 2 call legs at once).
- through your current screen by opening the Signaling logs module.
- by adding a new Traffic collector screen (see Menu tree for information on how to add it).
Signaling logs menu
The menu on top of the Signaling logs table consists of the Table menu, the Interval strip, the Row count strip, the Row limit strip, the Export 5g log button, the Import PCAP or 5g log button, the Leg list, the Call list and the Call flow button.
The interval selector allows you to limit the number of packets fetched from the DB to those belonging to the latest period (1m, 10m, 1h, etc) or custom period only, while the row count selector limits them to only the top X rows.
To apply the settings of the selectors, click GO. The Rows label shows the current number of rows displayed with filters applied.
To create a shared link based on the information displayed at the current screen, click Share. For more information see Shared links.
To export the currently displayed packets into a text file, click Export log file. To export packets for a certain interval into a PCAP file, choose an interval in the Interval strip, click File PCAP on the Row limit strip and then GO. To import logs from a text file or Wireshark-readable PCAP format, click Import PCAP or 5g file. You can also drag and drop a PCAP file right to the window. Please note that the import function affects the web interface only and doesn't change the DB. That is why imported data will disappear once you reload or leave the screen.
To view the full list of legs recognized in the current log, click Leg list. The system will open a new Leg list window.
To view the full list of 1-leg and 2-leg calls based on the current log, click Call list. The system will open a new Call list window.
To view the packets of a particular one- or multi-leg call in a timely organized flow form, click Call flow.
The interval selector allows you to limit the number of packets fetched from the DB to those belonging to the latest period (1m, 10m, 1h, etc) or custom period only, while the row count selector limits them to only the top X rows.
To apply the settings of the selectors, click GO. The Rows label shows the current number of rows displayed with filters applied.
To create a shared link based on the information displayed at the current screen, click Share. For more information see Shared links.
To export the currently displayed packets into a text file, click Export log file. To export packets for a certain interval into a PCAP file, choose an interval in the Interval strip, click File PCAP on the Row limit strip and then GO. To import logs from a text file or Wireshark-readable PCAP format, click Import PCAP or 5g file. You can also drag and drop a PCAP file right to the window. Please note that the import function affects the web interface only and doesn't change the DB. That is why imported data will disappear once you reload or leave the screen.
To view the full list of legs recognized in the current log, click Leg list. The system will open a new Leg list window.
To view the full list of 1-leg and 2-leg calls based on the current log, click Call list. The system will open a new Call list window.
To view the packets of a particular one- or multi-leg call in a timely organized flow form, click Call flow.
Signaling logs
Once signaling packets are loaded, they are displayed in a table with the predefined sort. By default, the sort is done by the Capture time column, this organizes packets correctly on the timeline. All 5gVision table capabilities are supported (like Filtering, Column selection, Column resizing, Export. See more in User interface).
To view the contents of an individual packet, right-click on the required row and choose View selected packet(s). Another way to do it is to click the packet content in the Packet data column. This will open the Packet viewing window containing information of the required packet. You can ctrl-click several rows to select them all at once and then use the View selected packet(s) option to view the selected packets in one window. You can also ctrl-click in the Packet data column of the required packets to open several windows with the packet info which might be handy if you want to compare several packets.
To view all packets forming a call leg, right-click on a packet belonging to a required leg and choose View selected leg(s). You can also ctrl-select several packets, belonging to different legs, and view all their packets in the same window (same as multiple selection of packets above).
To view the call flow figure, click the Call flow button. This will open the Call flow viewing window. The result will depend on the value in the Call ID column filter and the selection of packets in the table.
If a Call ID filter is present in a filter field above the respective column:
To view the contents of an individual packet, right-click on the required row and choose View selected packet(s). Another way to do it is to click the packet content in the Packet data column. This will open the Packet viewing window containing information of the required packet. You can ctrl-click several rows to select them all at once and then use the View selected packet(s) option to view the selected packets in one window. You can also ctrl-click in the Packet data column of the required packets to open several windows with the packet info which might be handy if you want to compare several packets.
To view all packets forming a call leg, right-click on a packet belonging to a required leg and choose View selected leg(s). You can also ctrl-select several packets, belonging to different legs, and view all their packets in the same window (same as multiple selection of packets above).
To view the call flow figure, click the Call flow button. This will open the Call flow viewing window. The result will depend on the value in the Call ID column filter and the selection of packets in the table.
If a Call ID filter is present in a filter field above the respective column:
- If no table rows are selected - show a Call flow for all packets belonging to filtered Call IDs.
- If one row is selected - same as above, show a Call flow for all packets belonging to filtered Call IDs.
- If several rows are selected - show a Call flow for all packets with the same Call IDs as the chosen ones. This way you may choose to show only certain legs out of several present in a log table. No need to choose all the packets in a leg, one packet will be enough to show a full leg.
- If no table rows are selected - show a Call flow for the leg with the Call ID of the first packet in a table.
- If one row is selected - show a Call flow for all packets with the same Call ID as the selected packet.
- if several rows are selected - show a Call flow for all packets with the same Call IDs as the chosen ones.
Leg list
To view all legs in the currently displayed log, click the Leg list button. The system will open a new window showing Call ID, leg SRC and DST addresses and the list of packets constituting a leg.
You may open the Call Flow window for the desired leg using the link in the leg status column or with the help of the pop-up menu.
To view the leg's packets (see Packet viewing), you may use the pop-up menu or click the content of the Packets column.
You may open the Call Flow window for the desired leg using the link in the leg status column or with the help of the pop-up menu.
To view the leg's packets (see Packet viewing), you may use the pop-up menu or click the content of the Packets column.
Call list
To view all 1 and 2-legged calls in the currently displayed log, click the Call list button. The system will open a new window showing leg parameters, such as Call ID, legs' SRC and DST addresses and the list of packets constituting the first and the second leg.
You may open the Call Flow window for the desired leg using the link in the leg status column or with the help of the pop-up menu.
To view the first or the second leg's packets (see Packet viewing), you may use the pop-up menu or click the content of the Packets Leg N column.
You may open the Call Flow window for the desired leg using the link in the leg status column or with the help of the pop-up menu.
To view the first or the second leg's packets (see Packet viewing), you may use the pop-up menu or click the content of the Packets Leg N column.
Call flow
The Call flow window graphically presents the call as a series packet exchanges between switches.
5gVision parses the packets and automatically divides the call into a number of legs, taking into account Call IDs and IPs involved. The system forms a new leg whenever any address or port in a SRC IP - DST IP pair is changed. Clicking on the Call ID link on top of the leg column or on the individual packet name will open a new Packet viewing window showing all packets that comprise the leg or a single packet respectively.
You may also remove the undesired packets from the displayed call flow by clicking the red cross next to the leg ID.
You may also resize the window to display all legs at the same time. Double click on the resize icon to revert the window to the default height and width.
The window contains the Share selected button which allows you to share the required legs (marked with checkboxes) as a Shared link (see Shared links). This feature comes the additional benefits on top of the usual ones of the shared links - you may hide your partners and send these logs to your vendor and vice versa which is much more convenient than editing the required bits out of raw logs.
There is also the PCAP selected button that lets you export the selected legs to a pcap file.
5gVision parses the packets and automatically divides the call into a number of legs, taking into account Call IDs and IPs involved. The system forms a new leg whenever any address or port in a SRC IP - DST IP pair is changed. Clicking on the Call ID link on top of the leg column or on the individual packet name will open a new Packet viewing window showing all packets that comprise the leg or a single packet respectively.
You may also remove the undesired packets from the displayed call flow by clicking the red cross next to the leg ID.
You may also resize the window to display all legs at the same time. Double click on the resize icon to revert the window to the default height and width.
The window contains the Share selected button which allows you to share the required legs (marked with checkboxes) as a Shared link (see Shared links). This feature comes the additional benefits on top of the usual ones of the shared links - you may hide your partners and send these logs to your vendor and vice versa which is much more convenient than editing the required bits out of raw logs.
There is also the PCAP selected button that lets you export the selected legs to a pcap file.
Packet viewing
The packet viewing window presents packet content in textual form. The amount of information depends on where and how the window was invoked: it is possible to view a single packet, all packets pertaining to a single leg or the whole call.
The toolbar at the top of the window allows the user to do the following:
It is possible to expand or collapse a packet body in a packet viewer window by clicking on its header (INVITE, etc.).
The toolbar at the top of the window allows the user to do the following:
- Select the whole text (for subsequent copying) with the help of the Select all button.
- Disable or enable text formatting with the help of the Raw log/Formatted button.
- Show the selected packet(s) (Selected packets), the leg to which the packet(s) belong (Selected legs) or all legs in the Signaling logs (All legs, up to 1000 packets in total).
- Switch to viewing the call in the Call flow window.
It is possible to expand or collapse a packet body in a packet viewer window by clicking on its header (INVITE, etc.).