Use of Common Analyzing and Positioning Tools
Security Level
1 Network Packet Catcher and Analyzer
The UAP that functions as SoftACD communicates with the CTI/IVR over TCP. Because the UAP and the CTI/IVR are two different products, their logs and message traces might not agree with each other. Thus, to determine whether a problem occurs on the UAP side or the CTI/IVR side, the correct method is to analyze the TCP packets exchanged between the UAP and the CTI/IVR.
Ethereal 0.10.12 is a free network protocol analyzer that supports UNIX and Windows. It captures data from the network and analyzes it, and it can also analyze data that was captured by a sniffer and saved to disk. You can browse the captured packets interactively and view the summary and details of each packet. Ethereal has many powerful features, including support for almost all protocols, a rich filter language, and easy viewing of the data flow after TCP sessions are reconstructed.
2023-4-15 HUAWEI Confidential Page 1, Total 10
1.1 Basic Use of the Tool
1.1.1 Basic Use
For information about the basic use of Ethereal, refer to 《Ethereal操作指导书》 (no English version is available) on the Support Web site.
1.1.2 How to Realize Packet Capture Between the UAP and the CTI Through TCP Ports
Networking
The Ethereal is bound to a specific network interface card (NIC). After being installed in a PC, the Ethereal can capture only the packets that travel through the NIC. If the packets on the network do not travel through the NIC, the packets cannot be captured. Thus, configuring the network before packet capture becomes necessary to enable the target packets to travel through the NIC of the PC where the Ethereal is installed.
If the LAN switch is not configured for it, packets cannot be captured through the LAN switch, because a switch port generally does not see the packets that travel through another port.
If the LAN switch is adopted to capture packets, the port mirroring of the LAN switch must be configured. That is, the target ports must be mirrored to the access port for packet capture. In general, the following two target ports for packet capture should be traced between the UAP and the CTI:
Target port 1: It is the associated control service element (ACSE) port of the IFM board at the UAP side that expects data packets. You can run the LST CSTACFG command to query for the information about the port.
Target port 2: It is the ACSE port at the CTI/IVR side that expects data packets. You can run the LST CTIPORT command to query for the CTI link code, IP address, and information about the IP port.
Access port for packet capture: A PC connects to this port for capturing packets.
An image of networking for packet capture between the UAP and the CTI is as follows:
[Figure: networking for packet capture between the UAP and the CTI. Labels: Gigabit port I, Gigabit port II; Trunk: VLANA and VLANB connect to the same GE; target port for packet capture (Port: 1/2); access port for packet capture (Port: 0/24).]
Configuring the LAN Switch
Take Huawei Quidway 5624P as an example. The configuration of the LAN switch is described as follows:
Configure the port mirroring to enable capturing of the packets that flow in and out of port 1/2 (Gb) at port 0/24 (100 Mb) in the data link layer.
Port mirroring is configured as follows:
<Quidway>sy //Access the system configuration mode.
[Quidway]acl num 200 //Create ACL 200. ACL numbers 200-299 are based on the LINK layer, 0-99 on the IP layer, and 100-199 on the TCP layer.
[Quidway-acl-200]rule 1 permit ingress interface g1/2 //g1/2 is the target port for packet capture. This rule matches the data that flows in to the port.
[Quidway-acl-200]rule 2 permit egress interface g1/2 //g1/2 is the target port for packet capture. This rule matches the data that flows out of the port.
[Quidway-acl-200]quit
[Quidway]mirrored-to link-group 200 interface ethernet 0/24 //Configure the mirroring. e0/24 is the access port for packet capture.
[Quidway]quit
For details about the use of the LAN switch (Huawei Quidway 5624P), refer to the user documents (shipped with equipment) related to HUAWEI Quidway 5624P.
Commands may vary with switches. For details, refer to the relevant operation manuals.
Packet Capture
For details, refer to the attachment.
Capture and Analysis of Network Data Packets
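Once the mirrored traffic has been saved, the first question is usually which side sent what and which side ended the TCP link. The following is an added example, not part of the original document or of any Huawei tool: it reads a classic little-endian libpcap file with Ethernet framing, keeps only the segments between the two ACSE endpoints, and reports per-direction counts and the first FIN or RST. The IP addresses, ports and the sample capture are constructed placeholders.

```python
import socket, struct
from collections import Counter
# Hypothetical endpoints; take the real ones from LST CSTACFG / LST CTIPORT output.
UAP, CTI = ("192.0.2.10", 5000), ("192.0.2.20", 6000)
FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST"}

def frame(src, dst, flags, payload=b""):
    """Build one constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", src[1], dst[1], 0, 0, 0x50, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def pcap(frames):
    """Wrap frames in a classic little-endian pcap file (link type 1, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def summarize(data, a=UAP, b=CTI):
    """Per-direction segment, payload and FIN/SYN/RST counts for the a<->b link."""
    stats, first_close, off = Counter(), None, 24       # 24 = pcap file header
    while off + 16 <= len(data):
        incl = struct.unpack_from("<I", data, off + 8)[0]
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                     # not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4
        t = 14 + ihl                                     # start of TCP header
        if len(pkt) < t + 20:
            continue                                     # truncated capture
        src = (socket.inet_ntoa(pkt[26:30]), struct.unpack_from("!H", pkt, t)[0])
        dst = (socket.inet_ntoa(pkt[30:34]), struct.unpack_from("!H", pkt, t + 2)[0])
        if {src, dst} != {a, b}:
            continue                                     # other traffic on the mirror port
        side = "UAP->CTI" if src == a else "CTI->UAP"
        stats[side, "segments"] += 1
        stats[side, "payload"] += struct.unpack_from("!H", pkt, 16)[0] - ihl - (pkt[t + 12] >> 4) * 4
        for bit, name in FLAGS.items():
            if pkt[t + 13] & bit:
                stats[side, name] += 1
                if name != "SYN" and first_close is None:
                    first_close = (side, name)           # side that ended the link first
    return stats, first_close

# Constructed capture: handshake, one data segment, an unrelated host, then a reset.
SAMPLE = pcap([frame(UAP, CTI, 0x02), frame(CTI, UAP, 0x12), frame(UAP, CTI, 0x18, b"hello"),
               frame(("192.0.2.99", 1234), CTI, 0x18, b"x"), frame(CTI, UAP, 0x14)])
```

To run it on a real capture, pass the file contents read in binary mode to summarize() together with the actual endpoint pairs.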
2 PRA Signaling Analysis
The UAP that functions as an IP gateway communicates with other products through the PRA trunk. An analysis of PRA signaling is required to analyze the PRA signaling exchange of the UAP.
2.1.1 PRA Signaling Analysis
For details about tracing, analyzing and troubleshooting the PRA signaling, refer to 《PRA信令分析和常见问题处理》 (no English version is available) on the Support Web site.
2.1.2 PRA Signaling Analyzer
When tracing PRA messages at the UAP, right-click the page for tracing PRA messages and select the Signaling Analysis option from the displayed menu to analyze the PRA signaling.
For the PRA tracing messages provided by other sources, adopt PRA Signaling Analyzer V001 for analysis. For details, visit the Support Web site.
2.1.3 Example of PRA Signaling Analysis
Tracing PRA and SIP Messages
Reserve four to eight PRA trunks in a voice gateway, and then trace the PRA and SIP messages. The SIP tracing number is 95569.
Analyze the PRA messages whose values in both the Connect column and the Alert column are NA. These calls generally fail soon.
If the UAP receives a PRA disconnection message, you can infer that abnormal disconnection happens.
If the UAP sends a PRA disconnection message, you need to analyze the SIP message to check whether the disconnection message is sent from the NGN at the called side. Here, the disconnection is caused by unreachability.
Analyze the messages whose values in the Connect column are NA. These calls are generally unanswered, disconnected, or rejected after ringing.
2.2 SIP Signaling Analyzer
None.
2.3 ASN.1 Analyzer
None.
2.4 Character String Analyzer
2.4.1 ASCII Code and Character String Converter
The tool is used to view the ASCII codes in an announcement message that is delivered, convert the ASCII codes to character strings, and check whether the audio file exists on the file server.
ASCII Code and Character String Converter
2.4.2 Machine Code and Chinese Character Converter
Analyze the use of TTS variables for playing voices. This converter is used to convert the values of TTS variables (machine codes) to Chinese characters, and convert the machine codes to Chinese characters.
Machine Code and Chinese Character Converter