How to enable port mirroring - snooping

Introduction

It is often useful to capture a SIP/IP trace in real time from a Dialogic IMG 1010 or IMG 2020 Integrated Media Gateway rather than an IP endpoint as this shows what the IMG 1010 or 2020 Gateway itself received and sent. The IMG 1010/2020 Gateways do not have any built-in facility to capture a Wireshark trace, but can be configured to mirror the signalling (for SIP/H323) and data (for RTP) ports that can be useful when debugging live systems.

Procedure

To enable port snooping, go to the "Advanced Debug" menu in the CLI interface by pressing "d" at the main menu and using the username "admin" and password "password". Then enter the "zEth" menu with the commands "n" "e" (no return needed).

From here, the procedure differs depending on whether you are using the Dialogic IMG 1010 Integrated Media Gateway (IMG 1010) or the Dialogic IMG 2020 Integrated Media Gateway (IMG 2020), formerly referred to as Dialogic BorderNet™ 2020 Session Border Controller.

IMG 1010

Press "s" to enable port snooping and you will be presented with a list of "ports" and will be asked to specify which ports you are interested in.

The selections at this point will depend somewhat on your network configuration. For example, if you are interested in seeing a trace of the SIP and the RTP for a VoIP call where the SIP is received on the "SIG_0" port and the RTP is on the "DATA_0" port of the IMG 1010 Gateway, then you need to snoop ports 1 and 3 as in the example below.

After that, specify where to mirror the data to. On the IMG 1010 Gateway, there are two network connections for each of the control, signalling and data ports, and only one of each will be in use at any one time. You will need to use one of these 'spare' connections to connect a laptop running Wireshark to capture the trace. In this example, "SIG_1" is specified as the destination for the mirrored data:

Advanced Debug> n
zNet> e
zEth> s
Enable Port Snooping
Port Usage Port Nbr
GAL ESW 0
DATA_0 1
DATA_1 2
SIG_0 3
SIG_1 4
VMOD0_0 5
VMOD0_1 6
VMOD1_0 7
VMOD1_1 8
Enter Source Snoop Port (9 to terminate input): 1
Enter Source Snoop Port (9 to terminate input): 3
Enter Source Snoop Port (9 to terminate input): 9
Snoop Type: 0 = Received Data, 1 = Transmit Data, 2 = Both: 2
Destination Port: 4

At this point, any data that is sent or received on the "SIG_0" or "DATA_0" ports will be replicated to the "SIG_1" port. Now plug a laptop running Wireshark into the "SIG_1" port to capture the data. To disable port snooping, from the same menu, press "S":

zEth> S
Port Snooping Disabled

IMG 2020

Press "T" to enter the "Traffic Monitoring Sub-Menu". Press "a" to set the destination port for the monitored traffic. Note that the back panel of the IMG 2020 is significantly different than that of the IMG 1010. Depending on the IMG 2020 model, there are up to 6 sets of Ethernet ports labelled CTRL 0/1, DATA A0/A1, DATA B0/B1, DATA C0/C1, DATA D0/D1 and AUX 0/1. These are redundant pairs and as of Release 2.2, only the CTRL, DATA A and DATA B ports can be used for actual traffic, so select an appropriate spare port to plug your laptop into.

After pressing "a", you will be prompted with a list of ports. Enter the identifier corresponding to the port you have plugged your monitoring laptop into and press "Enter".

For example, to activate port snooping / traffic monitoring to port "DATA B1":

Advanced Debug> n
zNet> e
zEth> T
zEthMon> a
Ethernet Switch Ports:
00: CTRL[0] 17: AUX_1 42: VM0_DSP0 53: VM2_DSP3
01: CTRL[1] 18: CPU0 43: VM0_DSP1 54: VM3_DSP0
02: DATAA[0] 19: CPU1 44: VM0_DSP2 55: VM3_DSP1
03: DATAA[1] 20: CPU2 45: VM0_DSP3 56: VM3_DSP2
04: DATAB[0] 22: EXT_NAT 46: VM1_DSP0 57: VM3_DSP3
05: DATAB[1] 26: EXT_MON 47: VM1_DSP1 58: VM4_DSP0
06: DATAC[0] 27: EXT_D2D 48: VM1_DSP2 59: VM4_DSP1
07: DATAC[1] 28: INT_MON 49: VM1_DSP3 60: VM4_DSP2
08: DATAD[0] 29: INT_D2D 50: VM2_DSP0 61: VM4_DSP3
09: DATAD[1] 34: INT_CPU 51: VM2_DSP1
16: AUX_0 38: INT_NAT 52: VM2_DSP2
Enter the ESW port number (^=abort):5
zEthMon>

Next, select which ports (source) will be mirrored to the destination port you have just selected. Press "m" to select the ports. Only one port can be selected at a time. Repeat the "m" command to select multiple source interfaces.

For example to set CTRL 0 as the source port:

It is possible to enter "*" in order to select all ports as source ports. Please note that this will result in duplicate packets (specifically RTP packets) in the Wireshark trace because you will mirror both the DSP generating these packets and the physical port from which these packets are emanating.

To check which source and destination ports have been selected, press "A". In the following example ports CTRL 0 and CTRL 1 will be mirrored to DATA B0:

To deactivate an individual source port, press "M" and select the port number as above. To deactivate all source ports, enter "*" as the port number.

To deactivate the destination port, press the "D" key at the "zEthMon>" prompt:

To verify that port mirroring has been completely disabled, press "A" again.

Product List

Dialogic IMG 1010 Integrated Media Gateway
Dialogic IMG 2020 Integrated Media Gateway (formerly Dialogic BorderNet™ 2020 Session Border Controller)

Legal Note

This document discusses one or more open source products, systems and/or releases. Dialogic is not responsible for your decision to use open source in connection with Dialogic products (including without limitation those referred to herein), nor is Dialogic responsible for any present or future effects such usage might have, including without limitation effects on your products, your business, or your intellectual property rights.

Dialogic Integrated Media Gateways