Академический Документы
Профессиональный Документы
Культура Документы
Overview
Tracer and Talkument work the same way for doing port mirroring. This
document will refer to mostly Tracer but you could insert Talkument anywhere
you see Tracer.
Tracer and Talkument monitors IP packets traveling between the IP Card and the
IP Endpoint. To ensure Tracer receives these packets, you must configure the
network so that all of the VoIP packets pass through a device capable of
replicating those packets.
An Ethernet Hub is a simple device that allows you to connect multiple systems
to an Ethernet network. Sizes range from 4 ports to 48 ports. Each Hub port
repeats every packet transmitted from the port, meaning every port on the Hub
“sees” the traffic from every other port. A packet destined for Machine A will
arrive on every port on the Hub. Machine B will see the packet destined for
Machine A, and it must decide what to do with it. In most cases, Machine B will
simply ignore the packets belonging to Machine A.
A network analyzer connected to a Hub will see every packet on the hub. A
network analyzer connected to a Switch will only see broadcasts and traffic
destined for the device connected to current port.
All VoIP traffic must be concentrated through a single device capable of mirroring
the packets to Tracer.
LAN
Port Mirroring
Some Switches offer Port Mirroring on a single port. For example, you can
configure port 6 to receive copies of the traffic on port 1. Connect your IP Card
to port 1. Connect your Tracer IP Tap Port to port 6. Tracer will now see copies
of all VoIP packets into and out of the IP Card.
LAN LAN
Tracer
NIC1 = LAN
NIC2 = Mirror
LAN LAN
Tracer
NIC1 = LAN
NIC2 = Mirror
The above examples assume the IP Card resides on the same LAN as the user
end points, and there is no firewall. The next two examples describe possible
configurations when the IP Cards are placed outside the firewall.
In some cases, system designers must place the IP Card on a network segment
outside the LAN in order to enable remote connections from people outside the
office.
IP
C
A Tracer Connection
R To a Single IP Card
D Located Outside the LAN
Mirror Port
(passive connection)
Trusted
Firew all connection
LAN LAN
Tracer
In this diagram, the IP Card is located on the public Internet. The Tracer and the
NIC1 = LAN
rest of the LAN systems are placed behind a firewall to protect against
NIC2 = Mirror
unauthorized access and to conserve public IP addresses.
The Mirror Port connection bypasses the firewall, creating a physical link
between Tracer and the Switch. The Tracer IP Tap Port does not bind an IP
stack to the network card. It cannot transmit packets, nor can it respond to
packets arriving on the port. The connection is not addressable by devices, and
therefore not a target for intrusion.
IP IP IP
C C C
A A A Tracer Connection
R R R To Multiple IP Cards
D D D Located Outside the LAN
Mirror Port
(passive connection)
Trusted
Firewall connection
LAN LAN
Tracer
NIC1 = LAN
NIC2 = Mirror
IP IP IP IP
C C C Tracer Connection C
A A A To Multiple IP Cards A
R R R Located Inside and R
D D D Outside the LAN D
Hub
Mirror Port
(passive connection
going around f/w) Switch w/ Port Mirroring
Internet Router Switch w/ Port Mirroring
LAN
Firewall
LAN
Mirror Port
Tracer
NIC1 = LAN
NIC2 = Mirror
IP
C
Internet R outer Switch w/ Port Mirroring A
R
Mirror Port D
(passive connection)
Firewall Trusted
connection
Tracer
Peer to Peer calls NIC1 = LAN
NIC2 = Mirror
Tracer will not record peer-to-peer calls between two endpoints. Some VoIP
solutions allow endpoints to negotiate a direct audio channel between the
devices. Since the audio packets may not flow through the IP Card, Tracer will
not see the packets and will net be able to record the call. The data (call control)
packets flow through the Switch. The audio packets flow directly between the
endpoints, and not through the Switch.
The voice ports must be configured in the Voice Assistant Tracer application
under the Pgm VPorts tab.