Wireshark 4

[dsm600rr]

Hello all,

Curious if anyone knows of any good documentation or videos on using wireshark, specifically with the IPO.

I haven't needed to use it much in the past, however it would be a good tool to prove to the Firewall Admin some points.

For instance today, we are having issues with a SIP Trunk. The Carrier is showing weird ports on their end. They requested we run a Wireshark capture between the IPO and the customers FW.

Thank you.

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com

 

[Nortel4Ever]

I had never used Wireshark until recently as I had to get some traces for Avaya Support. I just went to YouTube and found some good content that got me going. It wasn't as hard as I thought it would be.

 

[derfloh]

You have to record the packets on a switch mirror Port as an IP500 can not record them itself. This can only be done with Server Edition.

Probably you can also capture on the internal and
The outside interface of the firewall to compare the packages.

IP Office remote service
IP Office certificate check
CLI based call blocking
SCN fallback over PSTN

 

[ipohead]

There are plenty of courses at Udemy. Do sign up for their list as there's a sale from time to time.

 

[dsm600rr]

Appreciate all the post gents.

Nortel4Ever: Same situation, I have been doing this work for almost 9 years and have only used wireshark a handful of times. Years ago. Time to get on YouTube.

derfloh: The Topology is a Voice VLAN on its own switch. I have a PC on the Voice VLAN so that I can Splashtop into the IPO Remotely. So PC, IPO and Phones all on the same switch. Would I need to mirror the ports from the IPO and PC I have on site and then run a capture between the IPO and the clients Firewall?

ipohead: I will take a look, much appreciated.

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com

 

[biglebowski]

If it's a cisco switch use a port mirror session (span) from the IPO port to your PC and run wireshark on that.

in conf t:

(config)# monitor session 1 source interface Gi0/1

(config)# monitor session 1 destination interface Gi0/2

then to get rid of it after:

(config)# no monitor session 1

If you have call recording make sure it's not using span as well:

(config)# show monitor session all

If you do just use the next sequence number for the session

 

[dsm600rr]

biglebowski: Its a Ubiquiti Switch for the Voice VLAN.

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com

 

[biglebowski]

should be nice and easy via the unifi gui.

 

[dsm600rr]

If possible, could someone post a screenshot of how we should run Wireshark. Kind of in the middle of trying to get this resolved as we were thrown into this last night with no notice. So I will have their admin mirror the Local PC/IPO Ports and run a capture from the local pc to the IPO/Firewall. If not, I understand, just don't have the time right now to review all of the helpful suggestions above at the moment.

Also, NexVortex Suggested changing the "Firewall Type" from "Static Port Block" to "Unknown", which we will try.

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com

 

[biglebowski]

open wireshark and choose the 'capture' menu and then 'options'

this should open a window with your network cards

find the interface that has your IP address and highlight it

click start

you should see traffic scrolling in the window.

when done click stop (red square) and then menu > save as (choose pcap as that will make it easier for them to open)

 

[dsm600rr]

biglebowski: Thank you! Do I need to define the Firewall Address as well? Or just my local interface on my PC that's it mirrored to the IPO Port?

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com

 

[biglebowski]

just the interface that's on your PC

You want them to mirror/span the traffic FROM the IPO server switch port TO your PC switch port

It will capture traffic for your PC as well but Avaya can apply filters to see what they need to look at so you don't need to mess with any filters etc.

 

[dsm600rr]

biglebowski: Much appreciated, Sir. I apologize, Im not being lazy, just no time right now so I appreciate your assistance. Excited to learn more when I have the time.

ACSS / ACIS
Dcomm, LLC

https://dcommsc.com