TryLearn More

Use SIP trunks, WebRTC & Apps

Slash your Phone Bill by 80%

Network Capture from Web Interface

On this topic

Network Capture from Web Interface

Introduction

Prerequisites

Start a capture

Retrieve the capture

Introduction

In 3CX network captures can be triggered directly from the Management Console. This allows for live packet captures that are saved in PCAP format which can then be attached to a generated SupportInfo file or can be directly downloaded.

Prerequisites

For Windows based installs it remains the administrator's obligation to install Wireshark on the OS running 3CX. If Wireshark can not be detected the following message will be shown:

For Linux based installs tcpdump will be automatically installed while installing or updating 3CX.

Start a Capture

Login to the “Management Console → Dashboard → Activity Log”.

If a capture driver is installed an interface selector is visible to select a specific interface to record from or all interfaces in the system (excluded are IPv6 tunneling adapters).

Linux allows you to also capture from the local host (lo) which might be useful while debugging SBC and Tunnel connections.

Click on the Capture button to start a new recording of network traffic. Wireshark on Windows and tcpdump on Linux will remote start on the server machine. Quickly replicate the issue because traffic capture takes resources and consumes space.

The above dialog will be displayed. When ready click on “STOP”.

Important: Do not press anywhere except Stop, change the URL in the browser as the window will be locked until the capture is stopped by the admin. This is to avoid dual or stale running capture in the background of the OS filling up the disk space/ram of the host.

Retrieve the Capture

Once you have selected Stop, the capture file is saved and you can choose to download it directly or generate a support info file which will include this capture along with the general configuration of the system.

Regardless of how the PCAP will be obtained (SupportInfo or direct download) the server files are deleted. The location where the captures are saved server side on are:

Windows:
C:ProgramData3CXInstance1DataLogsdump.pcap

Linux:

/var/lib/3cxpbx/Instance/Data/Logs/dump.pcap

Once downloaded it can be reviewed by using Wireshark on any PC/MAC.

Limitations

Certain limitations are in place to prevent system overloads or abandoned capturing of the system. The built-in capture feature can not be used to run long term captures and might still need to be started by the admin on the host manual to do so.

Capture size is limited to capture a maximum of 2 million packets until it will auto stop the capture drive from collecting further data. Therefore you may can also use the manual capture option explained here: https://www.3cx.com/blog/docs/use-wireshark-to-capture-network-traffic/