Tech

1. Use of Common Analyzing and Positioning Tools Security Level
1 Network Packet Catcher and Analyzer
The UAP that functions as SoftACD communicates with the CTI/IVR
through the TCP protocol. Because the UAP and the CTI/IVR are two
different products, they might not agree with each other in respect of
log and message tracing. Thus, to determine whether a problem
occurs at the side of the UAP or the CTI/IVR, the correct method is to
analyze the TCP network packets sent between the UAP and the
CTI/IVR.
Ethereal 0.10.12 is a complimentary network protocol analyzer
program that supports UNIX and Windows. This program helps you to
capture data from the network and analyze the data, and to analyze
the data that is captured by a sniffer and saved in a hard disk. This
program also helps you to view the captured data packets in an
interactive manner and to query for the abstract and details about each
packet. The Ethereal has diverse powerful features including support
for almost all protocols, rich filter language, and ease to query for the
data flow after TCP sessions are reconstructed.
2014-12-11 HUAWEI Confidential Page 1, Total 10

2. Use of Common Analyzing and Positioning Tools Security Level
1.1 Basic Use of the Tool
1.1.1 Basic Use
For the information about the basic use of the Ethereal, refer to
《Ethereal操作指导书》(without English version) on the Support Web
site.
1.1.2 How to Realize Packet Capture Between the UAP
and the CTI Through TCP Ports
Networking
The Ethereal is bound to a specific network interface card (NIC). After
being installed in a PC, the Ethereal can capture only the packets that
travel through the NIC. If the packets on the network do not travel
through the NIC, the packets cannot be captured. Thus, configuring
the network before packet capture becomes necessary to enable the
target packets to travel through the NIC of the PC where the Ethereal
is installed.
Without the configuration of a LAN switch, packets cannot be captured
through the LAN switch. The reason is that generally packets that
travel through another port cannot be captured through a port of the
LAN switch.
If the LAN switch is adopted to capture packets, the port mirroring of
the LAN switch must be configured. That is, the target ports must be
mirrored to the access port for packet capture. In general, the following
two target ports for packet capture should be traced between the UAP
and the CTI:
 Target port 1: It is the associated control service element (ACSE)
port of the IFM board at the UAP side that expects data packets.
You can run the LST CSTACFG command to query for the
information about the port.
 Target port 2: It is the ACSE port at the CTI/IVR side that expects
data packets. You can run the LST CTIPORT command to query
for the CTI link code, IP address, and information about the IP
port.
 Access port for packet capture: A PC connects to this port for
capturing packets.
An image of networking for packet capture between the UAP and the
CTI is as follows:
2014-12-11 HUAWEI Confidential Page 2, Total 10

3. Use of Common Analyzing and Positioning Tools Security Level
Gigabit port I Gigabit port II
Gigabit port I Gigabit port II
Trunk: VLANA and VLANB connect to the same
GE
Target port for packet capture (Port: 1/2)
Access port for packet capture(Port: 0/24)
Configuring the LAN Switch
Take Huawei Quidway 5624P as an example. The configuration of the
LAN switch is described as follows:
Configure the port mirroring to enable capturing of the packets that
flow in and out of port 1/2 (Gb) at port 0/24 (100 Mb) in the data link
layer.
Port mirroring is configured as follows:
< Quidway>sy //Access the system configuration mode.
[Quidway] acl num 200 //Configure numbers 200-299 in the ACL table
based on the LINK layer, numbers 0-99 based on the IP layer, and
numbers 100-199 based on the TCP layer.
[Quidway-acl-200] rule 1 permit ingress interface g1/2 //g1/2 is the
target port number for packet capture. It is the rule for configuring
the data that flows in to the port.
[Quidway-acl-200] rule 2 permit ingress interface g1/2 //g1/2 is the
target port number for packet capture. It is the rule for configuring
the data that flows out of the port.
[Quidway-acl-200]quit
[Quidway]mirrored-to link-group 200 interface ethernet 0/24
2014-12-11 HUAWEI Confidential Page 3, Total 10

4. Use of Common Analyzing and Positioning Tools Security Level
//Configure the mirroring. e0/24 is the access port for packet
capture.
[Quidway]quit
For details about the use of the LAN switch (Huawei Quidway 5624P),
refer to the user documents (shipped with equipment) related to
HUAWEI Quidway 5624P.
Commands may vary with switches. For details, refer to the relevant
operation manuals.
Packet Capture
For details, refer to the attachment.
网络数据包捕获与
分析. pdf Capture and Analysis of Network Data Packets
2014-12-11 HUAWEI Confidential Page 4, Total 10

5. Use of Common Analyzing and Positioning Tools Security Level
2 PRA Signaling Analysis
The UAP that functions as an IP gateway communicates with other
products through the PRA trunk. An analysis of PRA signaling is
required to analyze the PRA signaling exchange of the UAP.
2014-12-11 HUAWEI Confidential Page 5, Total 10

6. Use of Common Analyzing and Positioning Tools Security Level
2.1.1 PRA Signaling Analysis
For details about tracing, analyzing and troubleshooting the PRA
signaling, refer to《PRA信令分析和常见问题处理》(without English
version) on the Support Web site.
2.1.2 PRA Signaling Analyzer
When tracing PRA messages at the UAP, right-click the page for
tracing PRA messages and select the Signaling Analysis option from
the displayed menu to analyze the PRA signaling.
For the PRA tracing messages provided by other sources, adopt PRA
Signaling Analyzer V001 for analysis. For details, visit the Support Web
site.
2.1.3 Example of PRA Signaling Analysis
Tracing PRA and SIP Messages
Reserve four to eight PRA trunks in a voice gateway, and then trace
the PRA and SIP messages. The SIP tracing number is 95569.
 Analyze the PRA messages of which the values in the Connect
column and the Alert column are NA. These calls generally fail
soon.
If the UAP receives a PRA disconnection message, you can infer
that abnormal disconnection happens.
2014-12-11 HUAWEI Confidential Page 6, Total 10

7. Use of Common Analyzing and Positioning Tools Security Level
If the UAP sends a PRA disconnection message, you need to
analyze the SIP message to check whether the disconnection
message is sent from the NGN at the called side. Here, the
disconnection is caused by unreachability.
2014-12-11 HUAWEI Confidential Page 7, Total 10

8. Use of Common Analyzing and Positioning Tools Security Level
 Analyze the messages of which the values in the Connect column
are NA. These calls are generally unanswered, disconnected, or
rejected after ringing.
2014-12-11 HUAWEI Confidential Page 8, Total 10

9. Use of Common Analyzing and Positioning Tools Security Level
2.2 SIP Signaling Analyzer
None.
2.3 ASN.1 Analyzer
None.
2.4 Character String Analyzer
2.4.1 ASCII Code and Character String Converter
The tool is used to view the ASCII codes in an announcement
message that is delivered, convert the ASCII codes to character
strings, and check whether the audio file exists on the file server.
码流和字符串转换.
r ar ASCII Code and Character String Converter
2014-12-11 HUAWEI Confidential Page 9, Total 10

10. Use of Common Analyzing and Positioning Tools Security Level
2.4.2 Machine Code and Chinese Character Converter
Analyze the use of TTS variables for playing voices. This converter is
used to convert the values of TTS variables (machine codes) to
Chinese characters, and convert the machine codes to Chinese
characters.
内码转换. r ar
Machine Code and Chinese Character Converter
2014-12-11 HUAWEI Confidential Page 10, Total 10