Live Signaling Capture with tbsigtrace

You can run tbsigtrace and pipe its output directly into Wireshark over SSH to get a live capture of SS7, ISDN, SIP, SIGTRAN and H.248 signaling (not all in the same Wireshark window). This page provides the procedure for a Windows-based operating system using the plink and Wireshark tools.

WARNING: The tbsigtrace application should not be left running all the time, otherwise it might reduce performance. We also suggest doing the live capture on only one Tmedia at a time.

The procedure is as follows:

Download plink

Download 64-bit plink at https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe
Download 32-bit plink at https://the.earth.li/~sgtatham/putty/latest/w32/plink.exe
Place it in the C:\Program Files\Putty directory.

Execute the command for the signaling you want to capture

This is the structure of the command:

plink.exe -batch -ssh root@[IP_of_management_port] -P [ssh_port] -pw [ssh_password] "tbsigtrace -stdout -[protocol]" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For SS7 capture

plink.exe -batch -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ss7" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For ISDN capture

plink.exe -batch -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -isdn" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For SIP or SIGTRAN capture

plink.exe -batch -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -ip" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For H.248 capture

plink.exe -batch -ssh root@10.10.10.10 -pw mypassword "tbsigtrace -stdout -h248" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -

For RADIUS or SNMP capture

plink.exe -batch -ssh root@10.10.10.10 -pw mypassword "tcpdump -i mgmt0 -s 0 -w - -f 'not tcp port 22'" | "C:\Program Files\Wireshark\wireshark.exe" -k -i -
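
The commands above pass the root password on the command line with -pw. As an added example (not from the original page or the vendor), this batch wrapper runs the same tbsigtrace capture using plink's -i (private key file) and -hostkey (pinned host key) options instead. It assumes the unit accepts public-key login for root; the key path, the fingerprint value and the script name are placeholders.

```bat
@echo off
rem Added example, not part of the original procedure.
rem Usage from cmd.exe (script name is hypothetical):  sigcapture.cmd ss7
setlocal

rem Paths used on this page; adjust if your installation differs.
set "PLINK=C:\Program Files\Putty\plink.exe"
set "WIRESHARK=C:\Program Files\Wireshark\wireshark.exe"

rem Management address and SSH port of the unit (sample values from this page).
set "HOST=10.10.10.10"
set "PORT=22"

rem Assumptions, replace with your own values:
rem   KEYFILE - PuTTY private key (.ppk) whose public key is authorized for root on the unit
rem   HOSTKEY - the unit's SSH host key fingerprint, in a format your plink version accepts
set "KEYFILE=%USERPROFILE%\keys\tmedia-capture.ppk"
set "HOSTKEY=REPLACE_WITH_UNIT_HOST_KEY_FINGERPRINT"

rem Accept only the tbsigtrace protocol switches listed on this page, so that
rem nothing else typed as an argument ends up inside the remote command string.
set "SWITCH="
for %%p in (ss7 isdn ip h248) do if /i "%~1"=="%%p" set "SWITCH=%%p"
if not defined SWITCH (
    echo Usage: %~nx0 ss7, isdn, ip or h248
    exit /b 1
)

rem Stop early with a clear message if a required file is missing.
for %%f in ("%PLINK%" "%WIRESHARK%" "%KEYFILE%") do if not exist %%f (
    echo Missing file: %%f
    exit /b 2
)

rem -batch disables interactive prompts, so a host key that does not match
rem HOSTKEY makes plink exit instead of asking whether to trust it.
"%PLINK%" -batch -ssh root@%HOST% -P %PORT% -i "%KEYFILE%" -hostkey "%HOSTKEY%" "tbsigtrace -stdout -%SWITCH%" | "%WIRESHARK%" -k -i -

endlocal
```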

Link to Signaling Trace Capture Tool page: tbsigtrace
