Tracer and Talkument VoIP Recording

Overview

Tracer and Talkument work the same way for doing port mirroring. This
document will refer to mostly Tracer but you could insert Talkument anywhere
you see Tracer.

Tracer and Talkument monitors IP packets traveling between the IP Card and the
IP Endpoint. To ensure Tracer receives these packets, you must configure the
network so that all of the VoIP packets pass through a device capable of
replicating those packets.

An Ethernet Hub is a simple device that allows you to connect multiple systems
to an Ethernet network. Sizes range from 4 ports to 48 ports. Each Hub port
repeats every packet transmitted from the port, meaning every port on the Hub
“sees” the traffic from every other port. A packet destined for Machine A will
arrive on every port on the Hub. Machine B will see the packet destined for
Machine A, and it must decide what to do with it. In most cases, Machine B will
simply ignore the packets belonging to Machine A.

An Ethernet Switch is similar to Hub in external appearance. Switches will keep

track of which devices are connected to each port and filter based on the
destination. This means that a packet destined for Machine A on Port 2 will be
ignored by all other ports on the Switch. Machine B will not see the packets
destined for Machine A because the Switch only transmits the packets to
Machine A’s port.

A network analyzer connected to a Hub will see every packet on the hub. A
network analyzer connected to a Switch will only see broadcasts and traffic
destined for the device connected to current port.

The General Principle

All VoIP traffic must be concentrated through a single device capable of mirroring
the packets to Tracer.

Tracer VoIP Recording Page 1 of 11

2006 OAISYS. All rights reserved.
 IP
C
A
R
D
Tracer
Sw itch w/ Port Mirroring NIC1 = LAN
NIC2 = Mirror

LAN

Port Mirroring

Some Switches offer management services, usually through a web interface.

Port Mirroring is a feature that allows the switch to send copies of all of the
packets on one port to another port. This allows a device, such as Tracer or a
network analyzer, to receive copies of packets that it would not otherwise be able
to see.

All Devices on the Same Network

Some Switches offer Port Mirroring on a single port. For example, you can
configure port 6 to receive copies of the traffic on port 1. Connect your IP Card
to port 1. Connect your Tracer IP Tap Port to port 6. Tracer will now see copies
of all VoIP packets into and out of the IP Card.

Tracer VoIP Recording Page 2 of 11

2006 OAISYS. All rights reserved.
IP
C
A Tracer Connection
R To a Single IP Card
D

Switch w/ Port Mirroring Mirror Port

LAN LAN

Tracer
NIC1 = LAN
NIC2 = Mirror

Tracer VoIP Recording Page 3 of 11

2006 OAISYS. All rights reserved.
Some Switches support multi-port Mirroring. These switches allow you to
connect two or more IP Cards and mirror the traffic from each to the same
monitor port. For example, you have three IP Cards on ports 1, 2, and 3.
Configure Mirroring on ports 1, 2, and 3, with the target set as port 6. Connect
your Tracer IP Tap Port to Switch Port 6. Tracer will now see copies of all VoIP
packets for all three IP Cards. Here is an example of the user interface for a
Network Switch that allows this functionality:

Tracer VoIP Recording Page 4 of 11

2006 OAISYS. All rights reserved.
Tracer VoIP Recording Page 5 of 11
2006 OAISYS. All rights reserved.
 IP IP IP
C C C
A A A Tracer Connection
R R R To Multiple IP Cards
D D D

Switch w/ Port Mirroring Mirror Port

LAN LAN

Tracer
NIC1 = LAN
NIC2 = Mirror
The above examples assume the IP Card resides on the same LAN as the user
end points, and there is no firewall. The next two examples describe possible
configurations when the IP Cards are placed outside the firewall.

Tracer VoIP Recording Page 6 of 11

2006 OAISYS. All rights reserved.
IP Card(s) on Different Networks

In some cases, system designers must place the IP Card on a network segment
outside the LAN in order to enable remote connections from people outside the
office.

IP
C
A Tracer Connection
R To a Single IP Card
D Located Outside the LAN

Internet Router Switch w/ Port Mirroring

Mirror Port
(passive connection)

Trusted
Firew all connection

LAN LAN

Tracer
In this diagram, the IP Card is located on the public Internet. The Tracer and the
NIC1 = LAN
rest of the LAN systems are placed behind a firewall to protect against
NIC2 = Mirror
unauthorized access and to conserve public IP addresses.

The Mirror Port connection bypasses the firewall, creating a physical link
between Tracer and the Switch. The Tracer IP Tap Port does not bind an IP
stack to the network card. It cannot transmit packets, nor can it respond to
packets arriving on the port. The connection is not addressable by devices, and
therefore not a target for intrusion.

Tracer VoIP Recording Page 7 of 11

2006 OAISYS. All rights reserved.
A Switch that supports multiple port mirroring is needed if you have more than
one IP Card located outside the firewall.

IP IP IP
C C C
A A A Tracer Connection
R R R To Multiple IP Cards
D D D Located Outside the LAN

Internet Router Switch w/ Port Mirroring

Mirror Port
(passive connection)

Trusted
Firewall connection

LAN LAN

Tracer
NIC1 = LAN
NIC2 = Mirror

Tracer VoIP Recording Page 8 of 11

2006 OAISYS. All rights reserved.
One IP Card Internal – One IP Card External

IP IP IP IP
C C C Tracer Connection C
A A A To Multiple IP Cards A
R R R Located Inside and R
D D D Outside the LAN D

Hub

Mirror Port
(passive connection
going around f/w) Switch w/ Port Mirroring
Internet Router Switch w/ Port Mirroring

LAN

Firewall
LAN
Mirror Port

Tracer
NIC1 = LAN
NIC2 = Mirror

This configuration supports recording of both public and private IP

telecommunications. The switch handling the public IP station card(s) needs to
have a mirror port enabled and connected to a hub. This connection is passive
and should not be a security risk.
The switch handling the private IP station card(s) needs to also have a mirror
port enabled and connected to the hub. The hub then provides a single IP voice
connection to Tracer’s voice NIC. Tracer’s data NIC needs to be connected to
the LAN.

Multiple IP Cards on Different Networks

This presents challenges when IP Cards reside on separate segments, or when

some are inside the firewall and others are outside. Future releases of Tracer
will support multiple network segments using two or more passive network taps.

Tracer VoIP Recording Page 9 of 11

2006 OAISYS. All rights reserved.
 IP IP IP
C C C Tracer Connection
A A A To Multiple IP Cards
R R R Located Inside and
D D D Outside the LAN

IP
C
Internet R outer Switch w/ Port Mirroring A
R
Mirror Port D
(passive connection)

Firewall Trusted
connection

Switch w/ Port Mirroring

LAN LAN Second Mirror Port LAN

Tracer
Peer to Peer calls NIC1 = LAN
NIC2 = Mirror

Tracer will not record peer-to-peer calls between two endpoints. Some VoIP
solutions allow endpoints to negotiate a direct audio channel between the
devices. Since the audio packets may not flow through the IP Card, Tracer will
not see the packets and will net be able to record the call. The data (call control)
packets flow through the Switch. The audio packets flow directly between the
endpoints, and not through the Switch.

Tracer VoIP Recording Page 10 of 11

2006 OAISYS. All rights reserved.
Configuring the Voice Assistant Tracer

The voice ports must be configured in the Voice Assistant Tracer application
under the Pgm VPorts tab.

Enter the VoIP station extension number.

Enter the IP Address of the IP card hosting the Station Extension.
Select VoIP for the Trunk Type under Trunk Information.

Tracer VoIP Recording Page 11 of 11

2006 OAISYS. All rights reserved.