The G250/G350's packet sniffing service gives you full control over the memory usage of the
sniffer. You can set a maximum limit for the capture buffer size, configure a circular buffer so
that older information is overwritten when the buffer fills up, and specify a maximum number of
bytes to capture for each packet.
What can be captured
The G250/G350 packet sniffing service captures only the packets handled by the G250/G350
and delivered to the device CPU ("non-promiscuous" mode). This is unlike regular sniffer
applications that pick up all traffic on the network.
See
Configuring packet sniffing
sniffing and analyze the resulting capture file.
Streams that can always be captured
H.248 registration
●
RTP from the G250/G350
●
ARP on the LAN (broadcast)
●
All packets that traverse the WAN
●
All traffic to/from the G250/G350
●
Streams that can never be captured
The following streams can never be captured because they are switched by the internal
Ethernet switch and not by the CPU include:
H.323 Signaling from an IP phone on the LAN to an ICC on the LAN
●
RTP stream between IP phones on the LAN
●
Streams that can sometimes be captured
If the G250/G350 is the WAN router of the following streams, they can be captured:
H.323 Signaling from IP phones on the LAN to an ECC over the WAN
●
DHCP when the DHCP server is behind the WAN (using the G250/G350 DHCP relay
●
capability)
RTP stream on an IP phone on the LAN to a remote IP phone
●
on page 374 for a description of how to configure packet
Configuring and analyzing packet sniffing
Issue 3 February 2007
373