Packet Analysis, Agile and Changing Requirements

Blog Post created by EdRoyston Employee on Jul 19, 2018

I have recently been working on some CA UCM work with a customer where they have an Avaya platform sending in traffic for us to display, monitor and analyse. Originally this traffic was to be sent through from hard phones, but due to changes with the customer's upstream customer, the phones are now all software running on workstations. Supposedly the reporting traffic being sent in is the same format or RFC compliant with what comes from the hard phones.


To determine whether the traffic really is compliant, I have had to do some packet sniffing/capture to prove that things are indeed coming into the CA UCM Collector (which gathers the raw results for further processing). The challenge is that we are doing things on their production systems and there is a limitation as to what can be installed there.


One other thing that I have found is that when installing Wireshark under Windows 10, things don't tend to start up correctly with the software. This is due to my laptop running the latest build of Windows 10 (1803), where signed drivers, etc. are now required. WinPcap, which comes with Wireshark, is quite old and isn't as compliant with these new restrictions.


The "secret procedure" for setting up Wireshark under Windows 10 is as follows:

  1. Download Wireshark 64 bit from here: https://www.wireshark.org/download.html
  2. Download Npcap from here: https://nmap.org/npcap/
  3. Install Npcap
  4. Reboot your machine
  5. Install Wireshark
  6. Reboot your machine
  7. Upon logging in once more, everything should be able to be kicked off and working!
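
A quick post-install check for the procedure above, as an added example that is not part of the original post: it confirms the capture driver is loaded, that its file is properly signed (the Windows 10 1803 requirement mentioned earlier), and that Wireshark's capture engine can see interfaces. The service/driver name `npcap` and the default install paths are assumptions; adjust them if your installation differs.

```powershell
# Added example: verify the Npcap + Wireshark install from an elevated PowerShell prompt.
# Assumptions: driver service is named "npcap" and both products use default install paths.
$driverPath = Join-Path $env:SystemRoot   'System32\drivers\npcap.sys'
$dumpcap    = Join-Path $env:ProgramFiles 'Wireshark\dumpcap.exe'

# 1. Is the capture driver registered with the Service Control Manager and running?
$scOut = & sc.exe query npcap 2>&1
if ($LASTEXITCODE -ne 0) {
    Write-Warning 'Driver service "npcap" is not registered: Npcap is not installed (or uses another name).'
} elseif ($scOut -match 'RUNNING') {
    Write-Output 'Npcap driver service is running.'
} else {
    Write-Warning 'Npcap driver service exists but is not running; reboot or start it from an elevated prompt.'
}

# 2. Does the driver file carry a valid Authenticode signature?
if (Test-Path $driverPath) {
    $sig = Get-AuthenticodeSignature -FilePath $driverPath
    Write-Output "Driver signature status: $($sig.Status)"
    if ($sig.SignerCertificate) { Write-Output "Signed by: $($sig.SignerCertificate.Subject)" }
    if ($sig.Status -ne 'Valid') { Write-Warning 'Driver signature did not validate.' }
} else {
    Write-Warning "Driver file not found at $driverPath"
}

# 3. Can Wireshark's capture engine enumerate interfaces through the driver?
if (Test-Path $dumpcap) {
    $ifaces = & $dumpcap -D 2>&1
    if ($LASTEXITCODE -eq 0 -and $ifaces) {
        Write-Output 'Capture interfaces visible to dumpcap:'
        $ifaces
    } else {
        Write-Warning "dumpcap could not list any interfaces: $ifaces"
    }
} else {
    Write-Warning "dumpcap.exe not found at $dumpcap"
}
```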


There are a number of challenges that I have with the customer here:

  1. It has taken a LONG time for them to get to this stage. We (as in the CA team) were fast in getting things deployed and up and running months ago but it has taken them to catch up. That is a lot of dead time where they could have been testing things with us, at least on a very limited scale.
  2. They are developing this project in a very waterfall fashion. Once one thing has been done, they move onto the next. However, if things change then they aren't flexible enough to adapt to these changes since things have been "set in stone" from past activities.
  3. The Avaya team members can be heard to be working against each other by taking out their own reporting platform. This might be in the middle of testing that we have planned for the past several days. So, there is a small amount of chaos within their setup as well!
  4. Nothing like developing on a production system! It seems that this is the only one that is available on their side that can send the required data into our setup.


Hopefully our CA UCM devs can see whether what they are sending through really is compliant. It looks like they are trying to sneak a change through the system...