A Welcome Addition to Lync 2013’s Snooper


I was recently troubleshooting a Lync 2013 XMPP <-> Gmail issue and came across a great new addition to Snooper – the Flow Chart (call flow) window. As you can see in the image below, it is similar to Wireshark’s SIP flow tool, but is diagrammed right from ocslogger’s logs – no TLS decryption required!


To use the tool:

1. Gather your logs in ocslogger. If you don’t have the 2013 debugging tools installed, you can get them here.

2. Click “Analyze” to launch Snooper

3. In either “Messages” or “Trace” view, click on the new call flow icon, highlighted in yellow


4. Presto! A nicely laid out SIP call flow.

Default view:



Aside from the overview, you have options to include timestamps and merge (semi) redundant SIP message – if you’ve troubleshot collocated mediation servers in the past this is a great way to minimize the clutter of the flow.

Merged View:



The tool is great for troubleshooting on your own, but even better when conveying complex topologies and call flow to customers or colleagues. In heterogeneous environments a visual aid like this can save hours of explanation and finger-pointing. I have yet to try it, but I’d expect the tool to work on any UCMA application, including Exchange UM (2010 SP1 + higher) and custom applications.

Nice work Snooper team!

This entry was posted in Lync, Lync 2013 and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s