
Wireshark 4

Status
Not open for further replies.

dsm600rr

IS-IT--Management
Nov 17, 2015
1,444
US
Hello all,

Curious if anyone knows of any good documentation or videos on using Wireshark, specifically with the IPO.

I haven't needed to use it much in the past, however it would be a good tool to prove to the Firewall Admin some points.

For instance, today we are having issues with a SIP Trunk. The Carrier is showing weird ports on their end. They requested we run a Wireshark capture between the IPO and the customer's FW.

Thank you.

ACSS / ACIS
Dcomm, LLC
 
I had never used Wireshark until recently as I had to get some traces for Avaya Support. I just went to YouTube and found some good content that got me going. It wasn't as hard as I thought it would be.

 
There are plenty of courses at Udemy. Do sign up for their list as there's a sale from time to time.
 
Appreciate all the posts, gents.

Nortel4Ever: Same situation, I have been doing this work for almost 9 years and have only used Wireshark a handful of times. Years ago. Time to get on YouTube.

derfloh: The Topology is a Voice VLAN on its own switch. I have a PC on the Voice VLAN so that I can Splashtop into the IPO Remotely. So PC, IPO and Phones all on the same switch. Would I need to mirror the ports from the IPO and PC I have on site and then run a capture between the IPO and the client's Firewall?

ipohead: I will take a look, much appreciated.

ACSS / ACIS
Dcomm, LLC
 
If it's a Cisco switch, use a port mirror session (SPAN) from the IPO port to your PC and run Wireshark on that.

in conf t:

(config)# monitor session 1 source interface Gi0/1

(config)# monitor session 1 destination interface Gi0/2

then to get rid of it after:

(config)# no monitor session 1

If you have call recording make sure it's not using span as well:

(config)# do show monitor session all

If you do, just use the next sequence number for the session.
 
If possible, could someone post a screenshot of how we should run Wireshark? Kind of in the middle of trying to get this resolved as we were thrown into this last night with no notice. So I will have their admin mirror the Local PC/IPO Ports and run a capture from the local PC to the IPO/Firewall. If not, I understand, just don't have the time right now to review all of the helpful suggestions above.

Also, NexVortex Suggested changing the "Firewall Type" from "Static Port Block" to "Unknown", which we will try.

ACSS / ACIS
Dcomm, LLC
 
open wireshark and choose the 'capture' menu and then 'options'

this should open a window with your network cards

Screenshot_2022-10-29_180154_pvutmv.jpg


find the interface that has your IP address and highlight it

click start

you should see traffic scrolling in the window.

when done click stop (red square) and then menu > save as (choose pcap as that will make it easier for them to open)

Screenshot_2022-10-29_180440_fzyrun.jpg
 
biglebowski: Thank you! Do I need to define the Firewall Address as well? Or just my local interface on my PC that's mirrored to the IPO Port?

ACSS / ACIS
Dcomm, LLC
 
just the interface that's on your PC

You want them to mirror/span the traffic FROM the IPO server switch port TO your PC switch port

It will capture traffic for your PC as well but Avaya can apply filters to see what they need to look at so you don't need to mess with any filters etc.
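
Added example, not part of the original posts: a standard-library Python sketch that reads a capture saved in the classic pcap format recommended above and lists, for each SIP packet, the real UDP source address and port, the Contact address, and the SDP audio port, which are the values to set beside what the carrier reports. The function names, the addresses and the one-packet sample capture are constructed for illustration, and it assumes untagged Ethernet/IPv4/UDP frames.

```python
import io, re, struct

def sip_summary(pcap_bytes):
    """Walk a classic little-endian pcap and summarise each SIP-over-UDP packet."""
    f = io.BytesIO(pcap_bytes)
    if struct.unpack("<I", f.read(24)[:4])[0] != 0xA1B2C3D4:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    rows = []
    while len(hdr := f.read(16)) == 16:           # per-packet record header
        frame = f.read(struct.unpack("<IIII", hdr)[2])
        # Need Ethernet(14) + IPv4(20) + UDP(8); EtherType IPv4; IP protocol 17
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue
        udp = 14 + (frame[14] & 0x0F) * 4         # honour the IP header length
        sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
        text = frame[udp + 8:].decode("latin-1")
        first_line = text.split("\r\n", 1)[0]
        if "SIP/2.0" not in first_line:
            continue
        contact = re.search(r"^Contact:.*?@([\d.]+)(?::(\d+))?", text, re.M | re.I)
        media = re.search(r"^m=audio (\d+)", text, re.M)
        rows.append({
            "src": ".".join(map(str, frame[26:30])) + f":{sport}",
            "dport": dport,
            "line": first_line,
            "contact": f"{contact[1]}:{contact[2] or 5060}" if contact else None,
            "rtp_port": int(media[1]) if media else None,
        })
    return rows

def build_sample_pcap():
    """Constructed sample: one INVITE from 192.168.42.1:5060 (made-up addresses)."""
    sip = ("INVITE sip:15551230000@203.0.113.10 SIP/2.0\r\n"
           "Contact: <sip:100@192.168.42.1:5060>\r\n"
           "Content-Type: application/sdp\r\n\r\n"
           "v=0\r\nc=IN IP4 192.168.42.1\r\nm=audio 46750 RTP/AVP 0 8\r\n").encode()
    udp = struct.pack("!HHHH", 5060, 5060, 8 + len(sip), 0) + sip
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 168, 42, 1]), bytes([203, 0, 113, 10])) + udp
    frame = b"\x00" * 12 + b"\x08\x00" + ip       # zeroed MACs, EtherType IPv4
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for row in sip_summary(build_sample_pcap()):
        print(row)
```

To run it on a real capture, pass the bytes of the saved file to `sip_summary()` instead of the constructed sample.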
 
biglebowski: Much appreciated, Sir. I apologize, I'm not being lazy, just no time right now so I appreciate your assistance. Excited to learn more when I have the time.

ACSS / ACIS
Dcomm, LLC
 