Microsoft Teams, Poly Devices and Remote Packet Capture

This is one of those posts where I’m sharing more for me to come back and find later. I was working with a customer and got asked about QoS and ports. I had previously looked into this and then as one does, let life get in the way (evidently starting a business takes effort, who knew?) and I never got around to doing the network traces. So, today, I fired up my trusty old friend, Wireshark in order to watch was happening.

Here’s the idea, in the Teams Admin Center, we can flip a switch to “Insert Quality of Service (QoS) markers for real-time media traffic” as well as specify the port ranges for said “real-time media traffic” as seen in this screen shot:

Teams Admin Center - Meeting Settings

The questions that came up was do these settings only apply for meetings and do they apply to Teams Native devices such as Yealink, AudioCodes, Poly, or do they only apply to the desktop? The reason for this is that if we know what source ports are being used, we can tag our QoS at the network.

So, I set out to test by doing two things from each client. First, connect to a meeting and see what ports are used. Then, call a PSTN number and again, watch what ports are utilized by the client. With the desktop client (on a PC, I don’t have a Mac to test with), in both cases, I saw the client utilize the prescribed ports (50,000-50,019 for Audio as an example). So far, so good.

I then grabbed the only Teams Native device that I had on-hand which was a Poly Trio 8800. I am running the latest 5.9.x firmware on it. I have it set to use the Teams mode. Only problem, I don’t have it on a managed switch in order to do a port mirror. I faintly remembered that with the VVX’s there was a setting so that you could do a remote capture. Spent a little bit of time looking at the Admin guide and found it, Remote Packet Capture. In order to do the remote packet capture, you need to enable it on the Trio. I used the following in a .cfg file and uploaded it to the device.

By default, the password is the MAC address. I didn’t want to type that all out so I changed it to something simpler (Note: I did not use “123456”, I just put that in here as an example.)

Once that was done, I set up the remote capture inside Wireshark. To do this, go to the Capture menu and choose Options. Then click on Manage Interfaces and choose the Remote Interfaces tab. Hit the “+” and it will ask you for the following:

  • Host: Enter the IP of your device
  • Port: 2002 (this is the default)

Select Password authentication

  • Username: Polycom (case sensitive)
  • Password: (Whatever you put in the Password field above)

Remote Interface

Hit Ok and it should add a rpcap line. You can then capture on the rpcap interface and see the ports you need.

Capture Interfaces

For me, what I found was that both in a meeting and in a direct PSTN call, the Trio would not use the specified ports from the Meeting Settings. It always used random high ports (granted, they were close to each other so clearly it has a method of where to start looking for a port).

The downside is that if you are wanting to tag on ingress to the network, as of right now, you will have to look at destination ports and IP’s and only tag when the device is going out to Microsoft (i.e. a Meeting). Peer to peer calls with a Teams Native device as of right now won’t use the prescribed ports so you won’t have any way to properly identify the workload. When Microsoft fixes this, I’ll be sure to update this post.

comments powered by Disqus