A packet capture must be obtained directly from a Linux device for technical review.
Pelco Cameras, Pelco Video Management
- Sarix platform cameras
- Endura Linux devices
Information to assist users in obtaining a network packet capture from a Linux device for review.
- Putty.exe and Pscp.exe must be installed on the Windows PC from which this procedure will be run. The complete PuTTY package that includes these files is available as a Windows installer package from putty.org.
- SSH must be enabled on the Sarix camera or Endura device. By default, all Endura devices have SSH enabled. To enable SSH on a Sarix camera, access the Web UI of the camera and select Network -> SSH.
- Tcpdump must be installed on the appropriate Linux device(s). See Lessons Learned Article #10744 on installing tcpdump on a Pelco Linux device.
Start Windows Command Prompt and type putty [deviceIP]
Example: putty 192.168.5.10
- Another window will open at this time. When prompted for a username and password, the username is root and the default password is pel2899100 for Endura devices, or the password that has been specified for the Sarix camera.
- Type cd /root to ensure that you are in the /root directory.
- Type tcpdump -s0 -w capture.pcap to begin the packet capture.
· -s0 captures the entire packet (default is 96 bytes which typically isn't large enough for a SOAP message)
· -w capture.pcap writes the output to capture.pcap in a format suitable for examination with Wireshark.
- Press ctrl+c to stop the packet capture.
Important Note: Video packet captures can get large quickly and take up a large amount of space on limited devices such as cameras. It is not recommended that a capture run for more than a few minutes at a time when capturing directly to a camera.
- Start Windows Command Prompt and type pscp -scp root@[deviceIP]:[file location] [local destination] to transfer the file to the local Windows PC.
Example: pscp -scp root@192.168.5.10:/root/capture.pcap C:\Files
- After the packet captures have been transferred off the Linux device, delete the packet captures by typing rm -f /root/*.pcap from the Linux command prompt. This will delete all pcap files from the /root directory.
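The Important Note above can be enforced on the device itself rather than by watching the clock. The script below is an added example, not part of the original article or Pelco's tooling: it refuses to start when free space is low and stops tcpdump after a time limit or a size budget, whichever comes first. The function names, the 20 MB reserve, and the assumption that the device's df accepts -kP are illustrative.

```shell
#!/bin/sh
# Added example: time- and size-bounded capture for a storage-limited device.
# Assumptions (not from the article): df accepts -kP, 20 MB is kept free,
# and the function names below are made up for illustration.
RESERVE_KB=20480          # space to leave untouched on the device
OUT=/root/capture.pcap    # same file the article's steps use

# Print the "Available" column (KB) from `df -kP` output read on stdin.
avail_kb_from_df() {
    awk 'NR == 2 { print $4 }'
}

# Print how many KB a capture may use: available minus reserve, never below 0.
capture_budget_kb() {
    avail=$1; reserve=$2
    if [ "$avail" -gt "$reserve" ]; then
        echo $((avail - reserve))
    else
        echo 0
    fi
}

# Capture for at most $1 seconds or until the budget is used, whichever is first.
bounded_capture() {
    max_secs=$1
    budget=$(capture_budget_kb "$(df -kP /root | avail_kb_from_df)" "$RESERVE_KB")
    if [ "$budget" -eq 0 ]; then
        echo "not enough free space under /root, refusing to capture" >&2
        return 1
    fi
    tcpdump -s0 -w "$OUT" &
    pid=$!
    elapsed=0
    while [ "$elapsed" -lt "$max_secs" ] && kill -0 "$pid" 2>/dev/null; do
        sleep 1
        elapsed=$((elapsed + 1))
        size_kb=$(( $(wc -c < "$OUT" 2>/dev/null || echo 0) / 1024 ))
        if [ "$size_kb" -ge "$budget" ]; then break; fi
    done
    kill "$pid" 2>/dev/null        # SIGTERM: tcpdump closes the file cleanly
    wait "$pid" 2>/dev/null || true
    echo "stopped after ${elapsed}s; capture is in $OUT"
}

# Usage on the device: sh bounded_capture.sh run 120
case "${1:-}" in
    run) bounded_capture "${2:-120}" ;;
esac
```

The file is still transferred with pscp and removed with rm -f as described in the steps above.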