tracer and talkument voip recording

8/14/2019 Tracer and Talkument VoIP Recording

http://slidepdf.com/reader/full/tracer-and-talkument-voip-recording 1/11

Tracer and Talkument VoIP Recording

Overview

Tracer and Talkument work the same way for doing port mirroring. Thisdocument will refer to mostly Tracer but you could insert Talkument anywhereyou see Tracer.

Tracer and Talkument monitors IP packets traveling between the IP Card and theIP Endpoint. To ensure Tracer receives these packets, you must configure thenetwork so that all of the VoIP packets pass through a device capable of replicating those packets.

An Ethernet Hub is a simple device that allows you to connect multiple systems

to an Ethernet network. Sizes range from 4 ports to 48 ports. Each Hub portrepeats every packet transmitted from the port, meaning every port on the Hub“sees” the traffic from every other port. A packet destined for Machine A willarrive on every port on the Hub. Machine B will see the packet destined for Machine A, and it must decide what to do with it. In most cases, Machine B willsimply ignore the packets belonging to Machine A.

An Ethernet Switch is similar to Hub in external appearance. Switches will keeptrack of which devices are connected to each port and filter based on thedestination. This means that a packet destined for Machine A on Port 2 will beignored by all other ports on the Switch. Machine B will not see the packets

destined for Machine A because the Switch only transmits the packets toMachine A’s port.

A network analyzer connected to a Hub will see every packet on the hub. Anetwork analyzer connected to a Switch will only see broadcasts and trafficdestined for the device connected to current port.

The General Principle

All VoIP traffic must be concentrated through a single device capable of mirroring

the packets to Tracer.

Tracer VoIP Recording of 11

©2006 OAISYS. All rights reserved.



Sw itch w/ P ort Mirroring

Tracer

NIC1 = LNIC2 = Mi

IPCARD

LAN

Port Mirroring

Some Switches offer management services, usually through a web interface.Port Mirroring is a feature that allows the switch to send copies of all of thepackets on one port to another port. This allows a device, such as Tracer or anetwork analyzer, to receive copies of packets that it would not otherwise be ableto see.

All Devices on the Same Network

Some Switches offer Port Mirroring on a single port. For example, you canconfigure port 6 to receive copies of the traffic on port 1. Connect your IP Cardto port 1. Connect your Tracer IP Tap Port to port 6. Tracer will now see copiesof all VoIP packets into and out of the IP Card.





Sw itch w/ Port Mirroring

LAN

Mirror Po

LAN

Tracer ConnectionTo a Single IP Card

IPCARD





Some Switches support multi-port Mirroring. These switches allow you toconnect two or more IP Cards and mirror the traffic from each to the samemonitor port. For example, you have three IP Cards on ports 1, 2, and 3.Configure Mirroring on ports 1, 2, and 3, with the target set as port 6. Connectyour Tracer IP Tap Port to Switch Port 6. Tracer will now see copies of all VoIP

packets for all three IP Cards. Here is an example of the user interface for aNetwork Switch that allows this functionality:






LAN

Mirror Po

LAN

Tracer Connection

To Multiple IP Cards

IPCA

RD

IPCA

RD

IPCA

RD

The above examples assume the IP Card resides on the same LAN as the user end points, and there is no firewall. The next two examples describe possibleconfigurations when the IP Cards are placed outside the firewall.





IP Card(s) on Different Networks

In some cases, system designers must place the IP Card on a network segmentoutside the LAN in order to enable remote connections from people outside theoffice.

Firewall


LAN

Mirror Por

(passive conne

LAN

Tracer Connection

To a Single IP Card

Located Outside the LAN

IP

CAR

D

Trusted

connection

Internet Router

In this diagram, the IP Card is located on the public Internet. The Tracer and therest of the LAN systems are placed behind a firewall to protect againstunauthorized access and to conserve public IP addresses.

The Mirror Port connection bypasses the firewall, creating a physical linkbetween Tracer and the Switch. The Tracer IP Tap Port does not bind an IPstack to the network card. It cannot transmit packets, nor can it respond topackets arriving on the port. The connection is not addressable by devices, andtherefore not a target for intrusion.





A Switch that supports multiple port mirroring is needed if you have more thanone IP Card located outside the firewall.

Firewall


LAN

Mirror Por (passive conne

LAN

Tracer Connection

To Multiple IP CardsLocated Outside the LAN

IPCA

RD

Trustedconnection

Internet Router

IPCA

RD

IPCA

RD





One IP Card Internal – One IP Card External

Firewall

Switch w/ Port Mirroring

Tracer

NIC1 = LANNIC2 = Mirror

Mirror Port

(passive connectiongoing around f/w)

LAN

Tracer Connection

To Multiple IP CardsLocated Inside andOutside the LAN

IPC

ARD

Internet Router

IPCA

R

D

IPCA

R

D


LAN

IPCA

RD

Mirror Port

Hub

This configuration supports recording of both public and private IPtelecommunications. The switch handling the public IP station card(s) needs tohave a mirror port enabled and connected to a hub. This connection is passiveand should not be a security risk.The switch handling the private IP station card(s) needs to also have a mirror port enabled and connected to the hub. The hub then provides a single IP voiceconnection to Tracer’s voice NIC. Tracer’s data NIC needs to be connected tothe LAN.

Multiple IP Cards on Different Networks

This presents challenges when IP Cards reside on separate segments, or whensome are inside the firewall and others are outside. Future releases of Tracer will support multiple network segments using two or more passive network taps.





Firewall


LAN

Mirror Port

(passive connection)

LAN

Tracer Connection

To Multiple IP CardsLocated Inside and

Outside the LAN

IP

C

AR

D

Trusted

connection

Internet R outer

IPCA

R

D

IPCA

R

D

Sw itch w/ Port M

LAN

IP

CA

RD

Second Mirror Port

Peer to Peer calls

Tracer will not record peer-to-peer calls between two endpoints. Some VoIPsolutions allow endpoints to negotiate a direct audio channel between thedevices. Since the audio packets may not flow through the IP Card, Tracer will

not see the packets and will net be able to record the call. The data (call control)packets flow through the Switch. The audio packets flow directly between theendpoints, and not through the Switch.





Configuring the Voice Assistant Tracer

The voice ports must be configured in the Voice Assistant Tracer applicationunder the Pgm VPorts tab.

Enter the VoIP station extension number.Enter the IP Address of the IP card hosting the Station Extension.Select VoIP for the Trunk Type under Trunk Information.



tracer and talkument voip recording

Documents