Sometimes you want to use Wireshark to capture packets On Cisco Meeting Server to troubleshoot and investigate video call issues, quality issues, or may be Expressway integration, WebRTC Connections, or why not, understand how the communication and the call flows occur between endpoints, Cisco CUCM etc with Cisco Meeting Server BUT you are so far from the CMS Location, there is an intuitive solution to capture PCAP file on Cisco Meeting Server using CLI, once the packets are captured , you can download the PCAP file using WinSCP into you Laptop , finally, you open it using Wireshark to enjoy the investigation.
Locate the interface, in my example, my Call Bridge is listening on A interface.
Once you find the interface, execute the pcap a command as shown below.
Currently the Cisco CMS is starting the packet capture, for example after enabling packet capture, I triggered a conference and there are two participants.
Once you are ready to analyze the packets, stop the packet capture using CTRL C.
The pcap file can be downloaded into your PC by accessing the Cisco CMS with WinSCP application, the name of the pcap file is admin-a-20210110-152113.pcap.
Now you can start your investigation by opening the pcap file with Wireshark.