SIP Log Analysis of Video Call Between Jabber and EX60 Codec


1.  Signaling only – 

• restart your codec. This will ensure that the log files are empty when you start logging.
• login using SSH to your system as admin.
• For Sip enter the command: log ctx sippacket debug 9.
• For H.323 enter the command: log ctx h323packet debug 9.
• All log message output will now be sent into the application.log file under current logs.
• Now place the call and re-create the problem.
• Hang up the call.
• Turn off the logging you enabled, by either log ctx sippacket debug off or log ctx
h323packet debug off. Tip You can press up arrow to repeat last command and delete
the 9 and add off.
• From the web interface navigate to Diagnostics -> Log Files. Under Current logs select
eventlog/application.log to see the logging messages.

2.  Signaling, Media and all other interactions

• Login as root
• Enter the command: tcpdump –s0 –w /tmp/filename.pcap
• place a call or perform the action you want recorded (e.g. phonebook lookup). NOTE if you
have a video issue please make an unencrypted call. This way support can decode the media.
• replicate the issue.
• Hang up the call (if you are in a call).
• Ctrl + C to stop the capture.
• Use WinSCp on windows or scp on linux/OS X to login as root and navigate to /tmp and
download the log.pcap file (e.g. scp root@<Ip-Address-System>:/tmp/*.pcap will copy all
.pcap files from system to the current directory).
• To analyze the resulting file you can use Wireshark – see next section.

See screenshot showing a successful packet capture:


See screenshot of the WinSCP session to the EX60 using root credentials:


See screenshot of the Wireshark analysis with a “sip” filter:


This summary is based on the following excellent document on


About Amir Safayan

I live with my family in beautiful Colorado. We have a basset / beagle named Cisco. We board / ski, ride dirtbikes, RV and enjoy living in the Western US. I've done R/S, security, wireless, IPT and am now focused on virtualization technologies on the High Touch Team for, a large Cisco reseller.
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s