Network Capture from Web Interface

Introduction

In the 3CX network, captures can be triggered directly from the Management Console. This allows for live packet captures that are saved in PCAP format which can then be attached to a generated SupportInfo file or can be directly downloaded.

Prerequisites

For Windows-based installs, it remains the administrator's obligation to install Wireshark on the OS running 3CX.

Capture Network VoIP Traffic - Wireshark Warning

If Wireshark cannot be detected this message is shown.

For Linux-based setups, tcpdump is automatically installed while installing or updating 3CX.

Start a Capture

  1. Go to your 3CX Web Client > Admin Console and navigate to "Dashboard" > Click on "Capture".

  1. If a capture driver is installed, an interface selector is visible for selecting a specific interface to record from, or select all system interfaces (IPv6 tunneling adapters are excluded).

💡 Tip: Linux allows you to also capture from the localhost (lo), useful while debugging SBC and tunnel connections.

  1. Click on “Capture” to start a new network traffic recording. Wireshark on Windows and tcpdump on Linux, remotely start capturing on the server machine.

  1. Reproduce the issue as quickly as possible, since traffic capture consumes resources and disk space. When done click on “Stop” to end the capture.

Important: Do not click anywhere except “Stop”, or change the URL in the browser as the window will be locked until the capture is stopped by the admin. This is to avoid dual or stale background capture processes running in the OS, filling up the hosts’s disk space / memory.

Retrieve the Capture

After selecting “Stop”, the capture file is saved on your local disk.

You can choose to:

  • download it directly, or
  • download a support info file, to include this capture along with the system general configuration.

Regardless of your choice to get the captured PCAP file, the files are deleted from the server. The server-side capture files are stored in:

  • Windows: “C:\ProgramData\3CX\Instance1\Data\Logs\dump.pcap”
  • Linux: “/var/lib/3cxpbx/Instance1/Data/Logs/dump.pcap”

Once you download the captured PCAP file, you can review it using Wireshark on any PC/MAC.

Limitations

Certain limitations are in place to prevent system overloads or abandoned captures in the system:

  • The built-in capture feature cannot be used to run long-term captures and still need to be started manually by the admin on the host.
  • Capture size is limited to capture a maximum of 2 million packets, after which it automatically stops from collecting more data.

💡 Tip: You can also use the manual capture option as explained here.

Last Updated

This document was last updated on 15 June 2024

https://www.3cx.com/docs/capture-network-traffic/