Help with getting a Wireshark trace from 2 SIP phones / Swyx phones etc.
The only problem with having a blog is finding time to update it; I have no idea how the others on here do it. But I will try, and start updating it more frequently... if there is something useful to put on here. I will return to the scripting ideas for beginners later if anyone thinks it would be useful. For now though I want to tell you about a very useful tool for tracing alongside Wireshark.
The biggest difficulty in using Wireshark is that it only sees the traffic reaching the device you run it on, which is not a lot of use for tracing a call between 2 SIP phones, for example. Now if you're lucky the customer will have nice expensive new switches with monitoring (mirror) ports to allow you to "listen in" on any switch port... personally none of my customers has one of these.
So the answer is not to carry a hub, but an application called Cain & Abel. This is available from www.oxid.it; it is totally free, and in some countries illegal (Canada for example, and maybe Germany). The tool is one used by hackers quite frequently and it has a lot of hacking tools / password crackers / hash generators etc. in it... but that's not for here.
The benefits it offers Swyx engineers are:
1. It has probably one of the fastest network scanners I have ever worked with, and in our case the list it generates also contains the manufacturer's fingerprint (taken from the MAC address). In other words you get a list of everything on the network extremely quickly and you can see all the Siemens handsets in seconds, along with the Snom, Cisco or whatever else you've got on there.
2. The real magic though is its ability to ARP poison the network. All you have to do is select the devices from the network scan that you want to monitor and it will poison the network to route all traffic between them via your network card. So select 2 Siemens phones, hit the ARP poison button, and all traffic to those phones goes through your PC. Like Wireshark it does have a VoIP decoder built in, so you can play back the captured audio within the application; like Wireshark this is limited to G.711 codecs out of the box. Obviously if you run Wireshark behind Cain & Abel you get to do a full trace.
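What this looks like from the network's side, as an added example that is not from the post or from the tool's authors: while the poisoning is active, the phones' IP addresses appear in ARP replies with the monitoring PC's MAC address as well as their own, which is exactly what a switch or IDS watching for ARP spoofing keys on. The script below parses raw Ethernet/ARP frames and flags that conflict; the MAC and IP values are constructed sample data.

```python
"""Flag ARP cache poisoning in a list of raw Ethernet frames (added example)."""
import struct
from collections import defaultdict
ETH_HDR = struct.Struct("!6s6sH")           # dst MAC, src MAC, ethertype
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")   # IPv4-over-Ethernet ARP payload
ETH_P_ARP, ARP_REPLY = 0x0806, 2

def parse_arp_reply(frame):
    """Return (sender_mac, sender_ip) as strings for an ARP reply, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None
    return ":".join(f"{x:02x}" for x in sha), ".".join(map(str, spa))

def detect_poisoning(frames):
    """Return one alert per IP that a second MAC starts claiming in ARP replies."""
    # Poisoning makes the same IP show up with two different sender MACs.
    claimed = defaultdict(set)   # ip -> MACs seen claiming it
    alerts = []
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed is None:
            continue
        mac, ip = parsed
        if claimed[ip] and mac not in claimed[ip]:
            alerts.append(f"ARP conflict: {ip} now claimed by {mac}, earlier by {sorted(claimed[ip])}")
        claimed[ip].add(mac)
    return alerts

def sample_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Pack a constructed ARP reply frame for offline testing (nothing is sent)."""
    eth = ETH_HDR.pack(target_mac, sender_mac, ETH_P_ARP)
    return eth + ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, sender_mac, sender_ip, target_mac, target_ip)

# Constructed sample: two phones exchange legitimate replies, then a third MAC
# (the monitoring PC) claims phone A's address towards phone B.
PHONE_A, PHONE_B, PC = bytes.fromhex("001122aa0001"), bytes.fromhex("001122bb0002"), bytes.fromhex("00deadbeef00")
IP_A, IP_B = bytes([10, 0, 0, 11]), bytes([10, 0, 0, 12])
SAMPLE_FRAMES = [sample_reply(PHONE_A, IP_A, PHONE_B, IP_B), sample_reply(PHONE_B, IP_B, PHONE_A, IP_A),
                 sample_reply(PC, IP_A, PHONE_B, IP_B)]

if __name__ == "__main__":
    for alert in detect_poisoning(SAMPLE_FRAMES):
        print(alert)
```

On a real network the frames would come from a capture file or a raw socket on the monitoring port; the same check is what managed switches call dynamic ARP inspection, and it is why a poisoning session on a well-configured network is noisy rather than silent.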
The manual can be found at http://www.oxid.it/ca_um/
Have a look and give it a try; if anyone new to diagnostics on networks wants a simpler guide on using this software let me know and I will do some screen videos walking you through it.