
Attachment 11 use of common analyzing and positioning tools


Use of Common Analyzing and Positioning Tools

Security Level

1 Network Packet Catcher and Analyzer

The UAP that functions as SoftACD communicates with the CTI/IVR through the TCP protocol. Because the UAP and the CTI/IVR are two different products, their logs and message traces might not agree with each other. Thus, to determine whether a problem occurs at the side of the UAP or the CTI/IVR, the correct method is to analyze the TCP network packets sent between the UAP and the CTI/IVR.

Ethereal 0.10.12 is a free network protocol analyzer program that supports UNIX and Windows. It captures data from the network and analyzes it, and it can also analyze data that was captured by a sniffer and saved to a hard disk. You can view the captured data packets interactively and query the summary and details of each packet. Ethereal has many powerful features, including support for almost all protocols, a rich filter language, and easy viewing of the data flow after TCP sessions are reconstructed.

2023-4-15 HUAWEI Confidential Page 1, Total 10


1.1 Basic Use of the Tool

1.1.1 Basic Use

For information about the basic use of Ethereal, refer to 《Ethereal操作指导书》 (no English version available) on the Support Web site.

1.1.2 How to Realize Packet Capture Between the UAP and the CTI Through TCP Ports

Networking

Ethereal is bound to a specific network interface card (NIC). After being installed on a PC, Ethereal can capture only the packets that travel through that NIC. Packets on the network that do not travel through the NIC cannot be captured. Thus, the network must be configured before packet capture so that the target packets travel through the NIC of the PC where Ethereal is installed.

Packets cannot be captured through a LAN switch that has not been configured for it, because a port of the LAN switch generally cannot capture packets that travel through another port.

If a LAN switch is used to capture packets, port mirroring must be configured on the LAN switch. That is, the target ports must be mirrored to the access port for packet capture. In general, the following two target ports for packet capture should be traced between the UAP and the CTI:

Target port 1: It is the associated control service element (ACSE) port of the IFM board at the UAP side that expects data packets. You can run the LST CSTACFG command to query for the information about the port.

Target port 2: It is the ACSE port at the CTI/IVR side that expects data packets. You can run the LST CTIPORT command to query for the CTI link code, IP address, and information about the IP port.

Access port for packet capture: A PC connects to this port for capturing packets.

The networking for packet capture between the UAP and the CTI is as follows:

[Figure: networking for packet capture between the UAP and the CTI. Labels: Gigabit port I, Gigabit port II; Trunk: VLANA and VLANB connect to the same GE; target port for packet capture (Port: 1/2); access port for packet capture (Port: 0/24).]

Configuring the LAN Switch

Take Huawei Quidway 5624P as an example. The configuration of the LAN switch is described as follows:

Configure the port mirroring to enable capturing of the packets that flow in and out of port 1/2 (Gb) at port 0/24 (100 Mb) in the data link layer.

Port mirroring is configured as follows:

<Quidway> sy //Access the system configuration mode.

[Quidway] acl num 200 //ACL numbers 200-299 are based on the LINK layer, numbers 0-99 on the IP layer, and numbers 100-199 on the TCP layer.

[Quidway-acl-200] rule 1 permit ingress interface g1/2 //g1/2 is the target port number for packet capture. This rule covers the data that flows in to the port.

[Quidway-acl-200] rule 2 permit egress interface g1/2 //g1/2 is the target port number for packet capture. This rule covers the data that flows out of the port.

[Quidway-acl-200] quit

[Quidway] mirrored-to link-group 200 interface ethernet 0/24 //Configure the mirroring. e0/24 is the access port for packet capture.

[Quidway] quit

For details about the use of the LAN switch (Huawei Quidway 5624P), refer to the user documents (shipped with equipment) related to HUAWEI Quidway 5624P.

Commands may vary with switches. For details, refer to the relevant operation manuals.

Packet Capture

For details, refer to the attachment.

Capture and Analysis of Network Data Packets
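One way to answer the question this section poses (which side closed or reset the UAP-CTI TCP link) from a saved capture, as an added example that is not part of the original document. It assumes the capture was saved in the classic libpcap file format with Ethernet framing, and it skips the 802.1Q tag that frames mirrored from the trunk may carry; the endpoint addresses, ports and sample frames are constructed.

```python
import socket, struct

FIN, RST = 0x01, 0x04

def tcp_segments(pcap):
    """Yield (src, dst, flags) per IPv4/TCP frame of a classic pcap; src/dst are (ip, port)."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    off = 24                                     # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        etype, l3 = frame[12:14], 14
        if etype == b"\x81\x00":                 # 802.1Q tag kept on mirrored trunk traffic
            etype, l3 = frame[16:18], 18
        if etype != b"\x08\x00" or len(frame) < l3 + 20 or frame[l3 + 9] != 6:
            continue                             # not IPv4 carrying TCP (or truncated)
        tcp = frame[l3 + (frame[l3] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        src = socket.inet_ntoa(frame[l3 + 12:l3 + 16])
        dst = socket.inet_ntoa(frame[l3 + 16:l3 + 20])
        yield (src, sport), (dst, dport), tcp[13]

def first_teardown(pcap, uap, cti):
    """Return (side, flag) for the first FIN/RST on the UAP<->CTI link, else None."""
    for src, dst, flags in tcp_segments(pcap):
        if {src, dst} == {uap, cti} and flags & (FIN | RST):
            return ("UAP" if src == uap else "CTI", "RST" if flags & RST else "FIN")
    return None

def build_frame(src, dst, flags, vlan=None):
    """Constructed Ethernet/IPv4/TCP frame with zero checksums, for the sample only."""
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                      socket.inet_aton(src[0]), socket.inet_aton(dst[0]))
    tcph = struct.pack("!HHIIBBHHH", src[1], dst[1], 0, 0, 0x50, flags, 8192, 0, 0)
    return bytes(12) + tag + b"\x08\x00" + iph + tcph

def build_pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed endpoints; take the real ones from LST CSTACFG and LST CTIPORT.
UAP, CTI = ("192.0.2.10", 5000), ("192.0.2.20", 14001)
SAMPLE = build_pcap([
    build_frame(("192.0.2.99", 40000), UAP, RST),   # unrelated flow, must be ignored
    build_frame(UAP, CTI, 0x18, vlan=10),           # PSH|ACK from the UAP, VLAN-tagged
    build_frame(CTI, UAP, RST | 0x10, vlan=10),     # RST|ACK from the CTI side
])
```

For a real capture, pass the file's bytes (`open(path, "rb").read()`) and the two endpoints to `first_teardown`.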


2 PRA Signaling Analysis

The UAP that functions as an IP gateway communicates with other products through the PRA trunk. To analyze the PRA signaling exchange of the UAP, an analysis of the PRA signaling is required.


2.1.1 PRA Signaling Analysis

For details about tracing, analyzing and troubleshooting the PRA signaling, refer to 《PRA信令分析和常见问题处理》 (no English version available) on the Support Web site.

2.1.2 PRA Signaling Analyzer

When tracing PRA messages at the UAP, right-click the page for tracing PRA messages and select the Signaling Analysis option from the displayed menu to analyze the PRA signaling.

For the PRA tracing messages provided by other sources, adopt PRA Signaling Analyzer V001 for analysis. For details, visit the Support Web site.

2.1.3 Example of PRA Signaling Analysis

Tracing PRA and SIP Messages

Reserve four to eight PRA trunks in a voice gateway, and then trace the PRA and SIP messages. The SIP tracing number is 95569.

Analyze the PRA messages whose values in the Connect column and the Alert column are NA. These calls generally fail soon.

If the UAP receives a PRA disconnection message, you can infer that abnormal disconnection happens.


If the UAP sends a PRA disconnection message, you need to analyze the SIP message to check whether the disconnection message is sent from the NGN at the called side. Here, the disconnection is caused by unreachability.


Analyze the messages whose values in the Connect column are NA. These calls are generally unanswered, disconnected, or rejected after ringing.


2.2 SIP Signaling Analyzer

None.

2.3 ASN.1 Analyzer

None.

2.4 Character String Analyzer

2.4.1 ASCII Code and Character String Converter

The tool is used to view the ASCII codes in an announcement message that is delivered, convert the ASCII codes to character strings, and check whether the audio file exists on the file server.

ASCII Code and Character String Converter


2.4.2 Machine Code and Chinese Character Converter

Use this converter to analyze the use of TTS variables for playing voices. It converts the values of TTS variables (machine codes) to Chinese characters.

Machine Code and Chinese Character Converter
