I thought I would take some time to shamelessly plug a product that I recently purchased for my organization.
We are currently working through an issue that is affecting our Nortel 2211 Wireless telephones on our Motorola RFS7000 Wireless LAN Switch. In short, it appears that the phone is resetting itself for unknown reasons. The problem is very intermittent and sporadic, hence it's very difficult to recreate. The vendors involved in the problem, Motorola, Nortel and Polycom (Spectralink), are all asking for wireless traces of the problem. In order to capture the problem we need four laptops: three laptops tracing on each of the wireless channels in the 802.11b 2.4 GHz spectrum and one laptop tracing on the LAN side of the RFS7000. Needless to say, that is a lot of hardware to set up. And the wireless laptops really need to physically move with the wireless telephone as it moves through the building (wireless network).
Then I heard that CACE Technologies had a hardware solution that worked with WireShark and allowed for simultaneous packet capture on all three 802.11b channels. Using three AirPcapEx USB adapters I could use a single laptop to capture all three 802.11b channels saving me a lot of hardware and a lot of time trying to assemble/merge the different packet traces.
I've been using the solution for the past week and it seems to work well. It was perfect timing because WireShark v1.0 was released earlier this week. Even though it's a single laptop, it can still be a bit of a logistical pain with the three USB adapters and the three antennas. I got some really interesting stares walking around the building with this octopus-looking thing on top of the laptop keyboard.
Cheers!
Thursday, April 3, 2008
Wireless Packet Traces (AirPcap)
Friday, December 21, 2007
UNISTIM Protocol (WireShark)
The folks behind WireShark have released version 0.99.7 for Windows. WireShark (formerly Ethereal) is the de facto standard network protocol analyzer today. I personally use WireShark and WildPacket's OmniPeek depending on the situation or scenario.
Why the excitement behind the new release?
Well, for those of us that have tried in vain for many years to decode the UNISTIM protocol, the latest release of WireShark promises to deliver us from our purgatory. The complete release notes can be found here. I'll include just the pertinent part here:
New Protocol Support
ANSI TCAP, application/xcap-error (MIME type), CFM, DPNSS, EtherCAT, ETSI e2/e4, H.282, H.460, H.501, IEEE 802.1ad and 802.1ah, IMF (RFC 2822), RSL, SABP, T.125, TNEF, TPNCP, UNISTIM, Wake on LAN, WiMAX ASN Control Plane, X.224,
You can find an entry for UNISTIM on WireShark's Wiki here along with an entry on Wikipedia here.
In summary, UNIStim is Nortel's proprietary VoIP signaling protocol between their Internet Telephones (i2002, i2004, i2007, 1120e, 1140e, 1150e) and the Nortel Call Server (PBX) switch. The Internet Telephones and Call Server still utilize the Real-time Transport Protocol (RTP) for the actual voice path between two Internet phones or from a Voice Gateway Media Card (VGMC) to an Internet phone.
Let me provide an example of the new decode:
Many thanks to Gerald Combs and all the contributors over at WireShark!
Cheers!

