Capturing VoIP Traffic with Wireshark to Troubleshoot Network Problems
Wireshark allows you to capture and analyze VoIP network traffic and packet data from the NEC SL2100 and SL1100. This is a must-read for installers working with or troubleshooting VoIP issues.
- NEC SL2100 KSU or NEC SL1100 KSU with VoIP daughterboard Card
- NEC IP Phone
- Half Duplex connections are not supported
- Preferably a laptop with a 10/100 or 10/100/1000 Ethernet interface card
- A managed switch capable of port mirroring
- (3) Cat5e or Cat6 Ethernet Cables
- If this is a capture of a connection between a phone system and a VoIP phone, simultaneous real-time captures from both ends will be required for troubleshooting.
- A Hub cannot be used because the VoIP daughterboard requires a full duplex 100/1000 Ethernet connection. All Hubs are half duplex devices and most are 10mbps only devices.
Before Capturing Data
1. Make sure that the phone system is powered on and is configured on the same network that you will be capturing traffic on
2. Install and open Wireshark
3. Select the interface you wish to capture on (ie. Local Area Connection)
4. Click start.
5. You should see data packets being captured in the Wireshark capture window
Ensure that RTP and/or SIP Traffic is Being Captured
1. Stop the capture and use the Filter to search for “rtp” and/or “sip” (lowercase only)
2. Type “rtp” in to the filter text box and click apply. Confirm that RTP traffic is being captured
3. Type “sip” in to the filter text box and click apply. Confirm that SIP traffic is being captured. (if applicable)
4. Close the capture (File -> Close)
5. Click “Continue without Saving”
Capturing the Data
1. Start a new capture
2. Make test calls and perform whatever actions are necessary to reproduce the problem you’re having
NOTE: If this is a capture of a connection between a phone system and a remote VoIP phone, simultaneous real-time captures from both ends will be required for troubleshooting.
3. Click the stop button after sufficient data has been captured
4. Save the capture (File -> Save As)
5. Email the capture to us at firstname.lastname@example.org along with a description of the problem you’re experiencing
6. Lastly, NEC will need any and all SIP management features with SIP ALG in particular to be disabled on all modems and routers/switches involved.