Difference between revisions of "Wireshark - capture data"

From Zenitel Wiki

(The network hub or switch)
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Image:Wireshark.png|thumb|300px|Capturing ethernet data from AlphaCom]]
+
{{AEIPS}}[[Image:Wireshark.png|thumb|300px|Capturing ethernet data from AlphaCom]]
Sometimes it is useful for debugging purposes to analyse the data on the IP network. This article describes how to use the PC program '''Wireshark''' to capture data from the ethernet port of the AlphaCom.
+
Sometimes it is useful for debugging purposes to analyze the data on the IP network. This article describes how to use the PC program '''Wireshark''' to capture data from the ethernet port of the AlphaCom.
  
 
In order to capture data you need the following equipment:
 
In order to capture data you need the following equipment:
 
* A PC with Wireshark installed
 
* A PC with Wireshark installed
* A netwok hub (or a mananged switch)
+
* A network hub (or a managed switch)
  
 
===Wireshark===
 
===Wireshark===
Line 11: Line 11:
 
Wireshark is freeware and can be downloaded from http://www.wireshark.org/.
 
Wireshark is freeware and can be downloaded from http://www.wireshark.org/.
  
===The network hub or switch===
+
===Use network hub or switch?===
 
A protocol analyzer connected to a [http://en.wikipedia.org/wiki/Network_switch switch] does not always receive all the desired packets since the switch separates the ports into different segments. Connecting the protocol analyzer to a [http://en.wikipedia.org/wiki/Network_hub hub] allows it to see all the traffic on the segment. Managed switches can be configured to allow one port to listen in on traffic from another ports. This is called [http://en.wikipedia.org/wiki/Port_mirroring port mirroring]. However, these cost much more than a hub or an unmanaged switch.  
 
A protocol analyzer connected to a [http://en.wikipedia.org/wiki/Network_switch switch] does not always receive all the desired packets since the switch separates the ports into different segments. Connecting the protocol analyzer to a [http://en.wikipedia.org/wiki/Network_hub hub] allows it to see all the traffic on the segment. Managed switches can be configured to allow one port to listen in on traffic from another ports. This is called [http://en.wikipedia.org/wiki/Port_mirroring port mirroring]. However, these cost much more than a hub or an unmanaged switch.  
  
 
*'''HUB''' - A network hub is a fairly unsophisticated broadcast device. Hubs do not manage any of the traffic that comes through them, and any packet entering any port is regenerated and broadcast out on all other ports. The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in older installations and more specialized applications. A hub can be used for network analysis.
 
*'''HUB''' - A network hub is a fairly unsophisticated broadcast device. Hubs do not manage any of the traffic that comes through them, and any packet entering any port is regenerated and broadcast out on all other ports. The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in older installations and more specialized applications. A hub can be used for network analysis.
*'''Unmanaged switches''' — These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted. This type of switches are not suitable for network analysis.
+
*'''Unmanaged switches''' — These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted. This type of switches <u>'''are not suitable'''</u> for network analysis.
 
*'''Managed switches''' — These switches have one or more methods to modify the operation of the switch. They can be used for network analysis.
 
*'''Managed switches''' — These switches have one or more methods to modify the operation of the switch. They can be used for network analysis.
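Review bot: the unchanged paragraph in this hunk still reads "listen in on traffic from another ports", and the Unmanaged switches bullet keeps "This type of switches are" even though that line was edited to add the underline. As the rest of the revision is a spelling cleanup, change these to "traffic from other ports" and "This type of switch is".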
  
Line 21: Line 21:
  
 
=== How to capture data===
 
=== How to capture data===
[[Image:Wireshark screenshot.png|thumb|Wireshark screenshot]]
+
 
 
* Download and install Wireshark on a PC
 
* Download and install Wireshark on a PC
 
* Connect the hub between the AlphaCom and the IP network
 
* Connect the hub between the AlphaCom and the IP network
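Review bot: the step "Connect the hub between the AlphaCom and the IP network" covers only the hub, while the equipment list in this revision reads "A network hub (or a managed switch)". Add the managed-switch variant of the step (capture PC connected to the port configured for port mirroring) so the procedure matches the equipment list.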
Line 28: Line 28:
 
* From the menu in Wireshark select 'Capture -> Options..', and in the field 'Interface' select your network card
 
* From the menu in Wireshark select 'Capture -> Options..', and in the field 'Interface' select your network card
 
* Press 'Start' to start the capture. Now a smaller window opens showing the number of packets received.
 
* Press 'Start' to start the capture. Now a smaller window opens showing the number of packets received.
* When you have finnished the capture, press 'Stop'
+
* When you have finished the capture, press 'Stop'
* Save the captured data by selecting 'File -> Save As..'. Save the file with extension .cap. The file can be opened and the content analysed on any PC having the Wireshark program installed
+
* Save the captured data by selecting 'File -> Save As..'. Save the file with extension .cap. The file can be opened and the content analyzed on any PC having the Wireshark program installed
 +
[[Image:Wireshark screenshot.png|thumb|left|500px|Wireshark screenshot]]
 +
 
  
[[Category: Troubleshooting]]
+
[[Category: ICX-AlphaCom - SIP Integration]]
 +
[[Category: AlphaCom - SIP Integration]]
 
[[Category: AlphaCom Troubleshooting]]
 
[[Category: AlphaCom Troubleshooting]]
 +
[[Category: IC-EDGE Configuration]]
 +
[[Category: SIP intercom - Configuration]]

Latest revision as of 11:15, 23 February 2023

Capturing ethernet data from AlphaCom

Sometimes it is useful for debugging purposes to analyze the data on the IP network. This article describes how to use the PC program Wireshark to capture data from the ethernet port of the AlphaCom.

In order to capture data you need the following equipment:

  • A PC with Wireshark installed
  • A network hub (or a managed switch)

Wireshark

Wireshark (formerly known as Ethereal) is a packet analyzer (also known as Ethernet sniffer) that can intercept and log traffic passing over the ethernet port. As data streams flow across the network, the sniffer captures each packet and eventually decodes and analyzes its content according.

Wireshark is freeware and can be downloaded from http://www.wireshark.org/.

Use network hub or switch?

A protocol analyzer connected to a switch does not always receive all the desired packets since the switch separates the ports into different segments. Connecting the protocol analyzer to a hub allows it to see all the traffic on the segment. Managed switches can be configured to allow one port to listen in on traffic from other ports. This is called port mirroring. However, these cost much more than a hub or an unmanaged switch.

  • HUB - A network hub is a fairly unsophisticated broadcast device. Hubs do not manage any of the traffic that comes through them, and any packet entering any port is regenerated and broadcast out on all other ports. The availability of low-priced network switches has largely rendered hubs obsolete but they are still seen in older installations and more specialized applications. A hub can be used for network analysis.
  • Unmanaged switches — These switches have no configuration interface or options. They are plug and play. They are typically the least expensive switches, found in home, SOHO, or small businesses. They can be desktop or rack mounted. This type of switch is not suitable for network analysis.
  • Managed switches — These switches have one or more methods to modify the operation of the switch. They can be used for network analysis.

So to capture the data, a hub or a managed switch must be used; an unmanaged switch cannot be used.

How to capture data

  • Download and install Wireshark on a PC
  • Connect the hub between the AlphaCom and the IP network
  • Connect the PC to the hub
  • Start the Wireshark program
  • From the menu in Wireshark select 'Capture -> Options..', and in the field 'Interface' select your network card
  • Press 'Start' to start the capture. Now a smaller window opens showing the number of packets received.
  • When you have finished the capture, press 'Stop'
  • Save the captured data by selecting 'File -> Save As..'. Save the file with extension .cap. The file can be opened and the content analyzed on any PC having the Wireshark program installed
Wireshark screenshot
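
A saved capture can be checked for the hub-versus-switch behaviour described above: behind an unmanaged switch the PC sees only its own frames plus broadcast/multicast, while on a hub or mirror port it also sees unicast traffic between other hosts. The Python script below is an added example, not part of the Zenitel article; it assumes the file was saved in classic pcap format (not pcapng), and the MAC addresses and sample frames are constructed.

```python
import struct

MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, by byte order

def classify_frames(pcap: bytes, own_mac: bytes) -> dict:
    """Count Ethernet frames as own, flooded (broadcast/multicast) or foreign unicast."""
    if pcap[:4] == b"\x0a\x0d\x0d\x0a":
        raise ValueError("pcapng file: save as classic pcap first")
    endian = MAGICS.get(pcap[:4])
    if endian is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:  # LINKTYPE_ETHERNET
        raise ValueError("capture is not Ethernet")
    counts = {"own": 0, "flooded": 0, "foreign_unicast": 0}
    off = 24                                   # first record follows the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:                    # truncated record, no full Ethernet header
            continue
        dst, src = frame[0:6], frame[6:12]
        if own_mac in (dst, src):
            counts["own"] += 1
        elif dst[0] & 1:                       # group bit set: broadcast or multicast
            counts["flooded"] += 1
        else:
            counts["foreign_unicast"] += 1
    return counts

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed test data: locally administered MAC addresses, not real devices.
PC, ALPHACOM, PEER = (bytes.fromhex("02000000000" + n) for n in "123")
BCAST = b"\xff" * 6
arp = BCAST + ALPHACOM + b"\x08\x06" + bytes(28)     # broadcast sent by the AlphaCom
pc_tx = PEER + PC + b"\x08\x00" + bytes(20)          # the capture PC's own traffic
unicast = PEER + ALPHACOM + b"\x08\x00" + bytes(20)  # AlphaCom to another host
ON_SWITCH = build_pcap([arp, pc_tx])           # view from an unmanaged switch port
ON_HUB = build_pcap([arp, pc_tx, unicast])     # view from a hub or mirror port

if __name__ == "__main__":
    for name, cap in (("unmanaged switch", ON_SWITCH), ("hub/mirror port", ON_HUB)):
        print(name, classify_frames(cap, PC))
```

A count of zero foreign unicast frames means the capture point is not seeing the AlphaCom's conversations. A small non-zero count is not proof of mirroring, since switches also flood unicast frames for destinations they have not yet learned.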