Efficient logging of PRI traffic for later analysis?


Often, when I want to be able to do post-mortem analysis of network
traffic, I can have a suitable tcpdump with -w to capture raw packets
for later analysis with Wireshark. On some systems I have this running
continuously on the SIP port.

Is there any way of doing something similar with PRI ISDN protocol?
I certainly don’t want to have pri span debug running all the time,
but from time to time I do get customer queries about calls that have
failed or dropped for some reason, and it would be very useful to be
able to view the PRI exchange retrospectively. So I’d like the ability
efficiently to log PRI traffic raw to a file and then interpret it later.

Does anything like this exist already? Or could anyone point me in
the right direction for developing something?

Cheers
Tony

5 thoughts on - Efficient logging of PRI traffic for later analysis?

  • Search for ‘DAHDI pcap’; in recent versions of DAHDI it has become
    possible to generate PCAP dumps of HDLC traffic on D-channels (which
    could be ISDN, Q.SIG, SS7, etc.).

  • In article <4F18A763.90309@digium.com>,
    Kevin P. Fleming wrote:

    Thanks, that sounds just the job…

    Tony

  • Which tool would you then pick to read or analyse those ISDN, Q.SIG, SS7
    pcap files?
    I took a quick look at Wireshark capabilities but I’m still not sure
    about its relevance.

    2012/1/20, Tony Mountifield :

  • Once you have got some data in a simple text file, not much beats awk for
    making sense of it.

    It’s one of the standard Unix text processing utilities; it’s so necessary,
    some distros put it in /bin aot /usr/bin; and if you’ve never used it before,
    once you start using it, you’ll wonder how you ever lived without it.

    Read the manpage and search online for more information.
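
Added example, not part of the thread and not code from DAHDI or Asterisk: a minimal Python decoder for interpreting logged D-channel traffic after the fact, pulling the Q.931 message type, call reference and cause value out of raw LAPD (Q.921) frames. It assumes each frame starts at the LAPD address field with any capture pseudo-header and the FCS already stripped; the function names and the sample frames are constructed for illustration.

```python
# Added example: decode Q.931 call control from raw LAPD (Q.921) frames.
# Assumption: each frame starts at the LAPD address field, with any capture
# pseudo-header and the FCS already stripped.
Q931_MSG = {0x01: "ALERTING", 0x02: "CALL PROCEEDING", 0x05: "SETUP",
            0x07: "CONNECT", 0x0F: "CONNECT ACKNOWLEDGE", 0x45: "DISCONNECT",
            0x4D: "RELEASE", 0x5A: "RELEASE COMPLETE"}

def find_cause(ies):
    """Return the cause value from the Cause IE (0x08), or None if absent."""
    i = 0
    while i < len(ies):
        ie = ies[i]
        if ie & 0x80:                      # single-octet IE
            if ie & 0xF0 == 0x90:          # codeset shift: IE ids change meaning
                return None
            i += 1
            continue
        if i + 1 >= len(ies):              # truncated IE header
            return None
        body = ies[i + 2:i + 2 + ies[i + 1]]
        if ie == 0x08:
            for k, octet in enumerate(body[:-1]):
                if octet & 0x80:           # extension bit ends the octet 3 group
                    return body[k + 1] & 0x7F
            return None
        i += 2 + ies[i + 1]
    return None

def decode_lapd(frame):
    """Decode one I-frame carrying Q.931; return None for S/U-frames or junk."""
    if len(frame) < 7 or frame[2] & 0x01:  # bit 0 set: RR, SABME, UA, ...
        return None
    q931 = frame[4:]                       # 2 address + 2 control octets (mod 128)
    cr_len = q931[1] & 0x0F
    if q931[0] != 0x08 or len(q931) < 3 + cr_len:  # 0x08 = Q.931 discriminator
        return None
    cr = q931[2:2 + cr_len]
    call_ref = int.from_bytes(cr, "big")
    if cr_len:
        call_ref &= ~(0x80 << 8 * (cr_len - 1))    # drop the direction flag bit
    mtype = q931[2 + cr_len] & 0x7F
    return {"sapi": frame[0] >> 2, "tei": frame[1] >> 1, "call_ref": call_ref,
            "to_originator": bool(cr_len and cr[0] & 0x80),
            "message": Q931_MSG.get(mtype, "0x%02X" % mtype),
            "cause": find_cause(q931[3 + cr_len:])}

# Constructed sample frames (not from a real capture): SETUP, RR, DISCONNECT.
SAMPLE_FRAMES = [bytes.fromhex("02010000080200010504038090a21803a98381"),
                 bytes.fromhex("00010102"),
                 bytes.fromhex("00010202080280014508028090")]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(decode_lapd(f))
```

A DISCONNECT or RELEASE with its cause value (16 is normal call clearing) is usually the first thing to look for when a customer reports a failed or dropped call.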