TIPS Wireshark for Monitoring Errors

nateornat

Member
Joined
May 15, 2009
Messages
100
Reaction score
9
PIAF Installed Version = 2.0.6.4 under *HARDWARE* │
│ FreePBX Version = 2.9.0.12 │
│ Running Asterisk Version = 1.8.21.0 │
│ Asterisk Source Version = 1.8.21.0 *MODIFIED* │
│ Dahdi Source Version = 2.6.2 │
│ Libpri Source Version = 1.4.12 │
│ IP Address = 192.xxx.xxx.xxx on eth0 │
│ Operating System = CentOS release 6.4 (Final) <> │
│ Kernel Version = 2.6.32-358.2.1.el6.i686 - 32 Bit │
│ Incredible PBX 3 Version = 3.1.0


I recently installed Wireshark to monitor why my PBX would consistently drop calls at 900 seconds. In the process of that i was getting this report back from the CLI:
root@pbx:~ $ tcpdump -w -p -n -s 0 udp > /home/capture.pcap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C106126 packets captured
106147 packets received by filter
15 packets dropped by kernel

I'm guessing dropped packets would be bad here right? Where can i look to fix this?
Also, the file name shows up for my capture in the home directory, but no data, any ideas why its not recording? This was my command:
root@pbx:~ $ tcpdump -w -p -n -s 0 udp > /home/capture.pcap
 

rossiv

Guru
Joined
Oct 26, 2008
Messages
2,624
Reaction score
139
Don't you want /root for root's home directory? /home would only be utilized if you had a non-root user's home directory there.
You may also find that running through the Asterisk logs would be more fruitful that tcpdump.
 

nateornat

Member
Joined
May 15, 2009
Messages
100
Reaction score
9
I was under the assumption /home is just where the output files ends up stored.
Anyhow, i'm more worried about 15 packets dropped by kernel.
How could i use the asterisk logs to find out whats dropping?.
 

nateornat

Member
Joined
May 15, 2009
Messages
100
Reaction score
9
Since you're here,

This is the log of whats happening:

Code:
2014-09-02 16:01:44] VERBOSE[25626] pbx.c:    -- Executing [s@macro-hangupcall:3] Hangup("SIP/didforsale_1-00001bd9", "") in new stack
[2014-09-02 16:01:44] VERBOSE[25626] app_macro.c:  == Spawn extension (macro-hangupcall, s, 3) exited non-zero on 'SIP/didforsale_1-00001bd9' in macro 'hangupcall'
[2014-09-02 16:01:44] VERBOSE[25626] features.c:  == Spawn extension (macro-dial, h, 1) exited non-zero on 'SIP/didforsale_1-00001bd9'
[2014-09-02 16:01:44] VERBOSE[25626] app_macro.c:  == Spawn extension (macro-dial, s, 7) exited non-zero on 'SIP/didforsale_1-00001bd9' in macro 'dial'
[2014-09-02 16:01:44] VERBOSE[25626] pbx.c:  == Spawn extension (from-did-direct, 1504, 17) exited non-zero on 'SIP/didforsale_1-00001bd9'
[COLOR=#ff0000][2014-09-02 16:01:45] VERBOSE[8872] chan_sip.c:    -- Incoming call: Got SIP response 400 "Bad Request" back from 209.216.2.211:5060[/COLOR]
[2014-09-02 16:02:00] VERBOSE[29834] pbx.c:    -- Executing [h@macro-dial:1] Macro("SIP/didforsale_1-00001c07", "hangupcall") in new stack
[2014-09-02 16:02:00] VERBOSE[29834] pbx.c:    -- Executing [s@macro-hangupcall:1] GotoIf("SIP/didforsale_1-00001c07", "1?theend") in new stack
[2014-09-02 16:02:00] VERBOSE[29834] pbx.c:    -- Goto (macro-hangupcall,s,3)
[2014-09-02 16:02:00] VERBOSE[29834] pbx.c:    -- Executing [s@macro-hangupcall:3] Hangup("SIP/didforsale_1-00001c07", "") in new stack
[2014-09-02 16:02:00] VERBOSE[29834] app_macro.c:  == Spawn extension (macro-hangupcall, s, 3) exited non-zero on 'SIP/didforsale_1-00001c07' in macro 'hangupcall'


So i Assume Bad Request from did4sale is where the problem is, and always at 900 seconds into the call. is that their fix or mine? What needs to be changed?
 

rossiv

Guru
Joined
Oct 26, 2008
Messages
2,624
Reaction score
139
Yep, they are sending the 400 Bad Request. In that sense, it's something you're sending them that they don't like. So perhaps something in your trunk configuration. Perhaps reach out to them and see if they can shed some light?

And those packets may not necessarily be Asterisk-related. Those are just UDP packets, not specifically VoIP UDP packets. Could be another system service.
 

nateornat

Member
Joined
May 15, 2009
Messages
100
Reaction score
9
Just for Reference and future troubleshooting, I have over 150 DID's with didforsale, and 5 of them disconnect after 15 minutes or 900 seconds. It is a block of 5 numbers (in order) . That being said, the 8 hours i spent troubleshooting this on my system was a waste of time since the problem was not with my server or PBX in a Flash. Even though they say they show no issues at didforsale, the problem is theirs. Still waiting on a fix from them.
Thanks for your help.
 

Members online

No members online now.

Forum statistics

Threads
25,782
Messages
167,509
Members
19,202
Latest member
pbxnewguy
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Top