# How to monitor a changed connection between CPE's

## shuurai

Hello everyone,

I have a question to the following scenario:

We have a network with a lot of VPN connection from a dtedicated location to different locations.

The WAN connection might change to a backup ISDN connection.

I am not able to read the snmp trap from the CPE's.

This way I do not know when this happens. 

Furthermore the Firewalls do not recognize this and the VPN tunnel is always open.

My question is how can I determine that the connection switch to the backup one?

I know that VOIP connections will not work with the backup line.

So my idea is to sniff the network of the dedicated location and look for VOIP protocolls.

If one of the IP's (locations) do not have any VOIP communications at all I could implicate that the connection to this locations switched to a backup line. (?)

I would appreciate any informations/help you could give me.

Best regards 

shuurai

----------

## eccerr0r

If you can't poll the routing equipment, you could write a script that pulls in either traceroute information (if the network equipment forwards ICMPs) or checks a website that prints your IP address and note that address.  Scripting a VOIP call I'm not sure about, but likely you will still need to have an external site of some sort to see if inbound connections work.  Either way it sounds like you have to poll.

----------

## shuurai

With thousands of connections a ping is definetly not an option.

----------

## khayyam

shuurai ... 

perhaps you're looking for something like net-analyzer/nagios (website).

HTH & best ... khay

----------

## shuurai

Actually I thought about something like that khayyam.

But tbh I do not know how to filter the packets for my scenario.

Every help is greatly appreciated

----------

## shuurai

Does anyone know a packet analyzer (like wireshark) that is able to store the captured packets into a *.txt file or similiar?

I want to be able to store the date into a SQL database.

----------

## shuurai

Wireshark does have a terminal application!

F.e. under windows open the cmd and 

go to the programm path 

```
cd /Programmes/Wireshark
```

.

use the command 

```
tshark -D 
```

  to show interfaces

after that 

```
tshark -i 1 -a duration:10 -w test
```

The last command would capture all the packets on interface 1 which are on wire for 10 seconds and save them in the "test.pcap" file.

After that you can open this file and export it to XML.

Well and from here on you can start playing with SQL  :Smile: 

Actually this idea will not help me for my scenario at all LOL!

Anyway  I hope this helps some1  :Smile: 

so far

shuuraj

----------

