Configuring monitoring applications
Note:
Ethereal is an open source application.
Note:
In addition, the G250/G350's packet sniffing service is capable of capturing non-Ethernet
packets, such as frame-relay and PPP. Non-Ethernet packets are wrapped in a dummy Ethernet
header to allow them to be viewed in a libpcap format. Thus, the G250/G350 allows you to
analyze packets on all the interfaces of the device.
The G250/G350's packet sniffing service gives you full control over the memory usage of the
sniffer. You can set a maximum limit for the capture buffer size, configure a circular buffer so
that older information is overwritten when the buffer fills up, and specify a maximum number of
bytes to capture for each packet.
What can be captured
The G250/G350 packet sniffing service captures only the packets handled by the G250/G350
and delivered to the device CPU ("non-promiscuous" mode). This is unlike regular sniffer
applications that pick up all traffic on the network.
Streams that can always be captured include:
H.248 registration
●
RTP from the G250/G350
●
ARP on the LAN (broadcast)
●
All packets that traverse the WAN
●
All traffic to/from the G250/G350
●
Streams that can never be captured because they are switched by the internal Ethernet switch
and not by the CPU include:
H.323 Signaling from an IP phone on the LAN to an ICC on the LAN
●
RTP stream between IP phones on the LAN
●
Streams that can be captured if the G250/G350 is the WAN router include:
H.323 Signaling from IP phones on the LAN to an ECC over the WAN
●
DHCP when the DHCP server is behind the WAN (using the G250/G350 DHCP relay
●
capability)
RTP stream on an IP phone on the LAN to a remote IP phone
●
The following sections describe how to configure packet sniffing and analyze the resulting
capture file.
282 Administration for the Avaya G250 and Avaya G350 Media Gateways