Analyze Lync Traffic

This procedure explains how to view Lync traffic in your network environment with an ExtraHop system.

Note:You must be able to access the ExtraHop Administration settings, which require a user account with unlimited privileges.

Add SSL decryption key and protocols

  1. Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
  2. In the System Configuration section, click Capture.
  3. Click SSL Decryption.
  4. In the SSL Decryption Keys section, click Add Keys.
  5. In the Add PEM Certificate and RSA Private Key section, on the Add SSL Keys page, type the following information:

    Name: A user-friendly name for the key that you're adding.

    Certificate: The certificate information for your Lync server.

    Private Key: The private key information for your Lync server.

  6. Click Add.
  7. In the Encrypted Protocols section, click Add Protocol.
  8. In the Add Encrypted Protocol section, click the Protocol drop-down and select SIP.
  9. From the Key drop-down, select the private key you added previously in step 4.
  10. In the Port field, type 5061
  11. Click Add.
  12. Repeat steps 6-10 and add HTTP as an encrypted protocol. The port number for HTTP is 443.

Next steps

Click the ExtraHop logo at the top left of the page, and navigate to the RTP, RTCP, and SIP pages for applications and devices of interest. Metrics that include Lync traffic are included.

For more information about adding SSL decryption keys, refer to the Capture section of the ExtraHop Admin UI Guide.

Published 2021-07-26 21:08