Skip to end of metadata
Go to start of metadata

In this section:

Modified: for 5.1.2


TShark is a tool that is used to analyze the network issues by capturing the packet traces. These captured packets are saved as .pcap files and Wireshark reads these packet traces.

To protect the system from overload, TShark captures one packet trace at a time.


Ensure that Wireshark application is installed and configure appropriately before proceeding.

On the main SBC screen, go to Troubleshooting > Troubleshooting Tools > TShark. The Run TShark Trace window is displayed.


Figure : Run TShark Trace

The following fields are displayed.

Table : TShark Trace Parameters

Parameter Description
Platform Interfaces

Drop-down list of different platform interfaces available for capturing the packet traces. 

Filter  Optional field to enter a TShark filter. For example, to capture the ppkt2 interface traffic (media signaling) to and fro IP address, enter host

Save log file as 

Option to enter the name of the packet trace to be saved.


Specifies the status of the packet trace.


To Start Trace

  1. For Platform Interface, choose the desired value from the Platform Interface drop-down list.

    Figure : \Platform Interface

  2. (Optional) For Filter, enter a valid Tshark filter syntax.

    Figure : TShark Filter

  3. For Save log file as, enter the log file name.

    Figure : Save log file as

  4. Click Start Trace.

    Figure : Start Trace

    Status is updated to Trace Running.

    Figure : Trace Running Status

  5. Proceed to next section to stop and save the trace file.

To Stop and Save Trace

  1. Click Stop and Save Trace. The status is updated to Trace saved to a file <filename>.pcap, where <filename> is the name of the saved log file.


    Figure : Stop and Save Trace

  2. To view the TShark log files, go to Troubleshooting > Call Trace/Logs/Monitors > Log Management. Select T-Shark from the list to view the logs. Refer to Log Management for more information.

    T-Shark option is not available under the list until at least one trace is started, stopped and saved.



Files with the .pcap extension contains the Tshark trace. The Tshark program stops writing to the files after the file size exceeds 500 megabytes. The SBC halts the writing operation to stop creating excessively large file buffers. This limits the memory consumption by the Tshark program, and prevents system failure.