Friday, January 9, 2009

poor man's tektronix

All SS7 switches, prepaid or IN platforms come with some sort of signaling tracing capabilities. Now, for performing SS7 tests or debugging low, non production traffic they are usually OK - some text file gets written decoded signaling messages. The file can be then opened with notepad and Ctrl+F does the trick. What if we are dubbuging and tracing a problem on a production system with heavy traffic - obviously notepad will not be easy. Well, we can always spend a little (or a lot) on a Tektronix K15 ..but what if we don't want or don't have the budget for Tektronix ? It seems we have some other options and the keyword is Wireshark.
The first, easier option is if we have Sigtran somewhere in the picture. If the SS7 traffic is transported over IP - things are relatively easy. What we do is we setup port mirroring no the switch carrying the Sigtran traffic to replicate that port and connect the replicated port to a PC on which we run Wireshark. That's it. Traffic can be analyzed locally or via remote desktop / vnc.
The second case is if we don't have Sigtran - and this is trickier. I haven't actually tested this one but I think it should be doable. Here we have to tap into the SS7 traffic on an E1. To tap into the E1 we should be able to use Sangoma's PN 633 Tap Connection Adapter. We then connect Tx Net and Tx Cpe ports to a Sangoma card - for example A102. We then configure the ports on the card and dump a pcap log file with wanpipemon. In the end we open the file with Wireshark. Like I said, I haven't yet tried this but I'm quite sure it would work and save us a little money on a K15.

No comments: