Signaling Protocols

The Signaling Protocols menu is available after the installation process has finished and only for machine type Probe (which includes the machine type Mediation Engine with Probe).

You use the Signaling Protocols page to identify the types of traffic the various probes (which sniff traffic) look for. The Probe accepts only the traffic that matches the filter rule and sends them to the Mediation Engine.

You might want to configure strict filtering rules for several reasons:

  • The probes process all traffic that matches the filter. For most installations, the high volume of traffic makes inspecting every packet infeasible. Ignoring unnecessary packets, therefore, puts less stress on your system and makes subsequent analysis easier. For example, you may want to make sure the signaling probe, which monitors SIP, does not also get all the RTP traffic.
  • You might not be interested in certain sources of traffic, even though the machine would pick it up.
  • More complex VLAN configurations.

The default filters are sufficient for most installations and provide a good starting point.

After you configure the filters, it takes a few seconds for the probe(s) to reconfigure. The statistics on this page should show the totals for the new filters. The Packets processed statistic is a good indicator of how the filters are working.

Note:

  • Make sure to use vlan keywords in the filters when that is used on the network.
  • Make sure to change the default filters if you use non-standard ports or other options.
  • Traffic is first filtered using the media protocols setting. Only the traffic that does not match the media protocols BPF filter (except when Check all traffic for signaling filter option is enabled) is passed to the signaling probes.
  • If you use Packet Inspector for recording media, you need to include media packets in the Packet Inspector filter.
  • You need to ensure that there is sufficient disk space for storing media on the Probe machine. Media packets are initially stored on the Probe machine. The Probe forwards the packets to the Mediation Engine only when a user downloads the media to a PCAP file. When the disk is full, the Probe overwrites the calls stored on the disk with new calls. You can define the Packet Inspector filter to restrict the calls stored on the Probe and thus minimize calls that are overwritten.

For more information about filters, see the Filter Syntax section.

Packet Deduplication

You can select to turn on packet deduplication for the associated traffic type. If you turn on packet deduplication, you must also provide a time value in milliseconds. The value should be greater than zero.

Packet deduplication is done at L3 and above and it is best effort. Some types of traffic might not get deduplicated, for example, duplicates on nested VLANs, ipv6, and so on.

There is a System Setting to enable deduplication in the core, which should be enabled if there are multiple Probes connected to one ME, and seeing the same traffic. If traffic is seen without and with vlan tags, you should also disable VLAN awareness in System Setting.

Statistics per Protocol

The following statistics are shown for each protocol:

  • Rate: Specifies the total number of packets accepted after the filtering.
  • Packets processed: Specifies the number of packets processed in the last second. Only packets that match the filter are processed.

Global Statistics

The following statistics are shown for all devices:

  • Total sniffed: Specifies the number of packets sniffed across all configured devices.
  • Total dropped: Specifies the number of packets that were not processed. Packets were dropped either by the NICs or during processing due to system performance reasons. If possible, tighten the filter rules and disable the Check all traffic for signalingfilter option in Media Protocols to ignore unnecessary packets and reduce stress on the system. If that is not possible, consider upgrading the machine.
Previous
Previous 		Next
Next
Go To Table Of Contents
Contents