Collecting Packet Traces
Wireshark is a network protocol analyzer that you can use to analyze network problems. You can download it from Wireshark.org. After installing Wireshark on your Microsoft Windows machine, you can perform the following actions.
Capturing Network Traffic
- Open Wireshark.
- To start capturing network traffic, go to Capture on the menu bar, and then click Interfaces. A window will open.
- Click Start on the desired network interface. Wireshark will start capturing network traffic.
- To stop capturing, go to Capture on the menu bar, and click Stop.
- To save the captured packets, go to File on the menu bar, and click Save As. A window will open.
- Enter a file name, and then click Save to save the file.
Creating a Packet Filter
Wireshark supports packet filters, which enable you to filter out unwanted packets. For example, the sip || rtp filter displays only SIP and RTP packets. Click Expression to see more filter options.
Displaying VoIP Calls
Wireshark can look for VoIP calls from the captured packets. Go to Statistics on the menu bar and click VoIP Calls. A window will open with the list of VoIP calls.
Capturing Packets on Linux
- Use the following command:
  dumpcap -i <interface-name> -w <output_file>.pcap
- If using RHEL5, use the following command:
  tcpdump -s 1500 -i eth0 -w /root/filename.pcap
- Press Ctrl+C to stop the capture.
- You can then transfer the capture file to a Windows machine to view and filter it in Wireshark.
- For example, if eth0 is the active interface on the machine associated with the GVP component (such as MCP, CCP, or RM), the Linux command would be the following:
  dumpcap -i eth0 -w gvpcapture.pcap
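As an added example (not Wireshark's, dumpcap's or the GVP documentation's own code), the following Python script shows at the byte level what the capture commands above and the sip || rtp filter do: it constructs four packets (a SIP INVITE over UDP, a DNS query, an RTP packet and a SIP 200 OK over TCP; every address, port and payload is made up), writes them in the classic pcap layout that dumpcap and tcpdump produce, reads the file back and keeps only the SIP and RTP packets, the way the display filter would. The RTP check is a heuristic (RTP version bits set and not an RTCP packet type) that stands in for the SDP-based RTP detection Wireshark normally performs; that substitution is an assumption, and the heuristic can misclassify other UDP traffic, which is why a real analysis should still use the VoIP Calls view.

```python
"""Build a small pcap offline, write it, read it back and apply the
equivalent of Wireshark's ``sip || rtp`` display filter.

Example code added to this page; not Wireshark or Genesys code.  All packets
are constructed here (not a real capture).  The RTP check is a heuristic
(an assumption) standing in for Wireshark's SDP-driven RTP detection."""
import struct
import tempfile
from typing import Iterator, List, Tuple

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic, as written by dumpcap/tcpdump
LINKTYPE_ETHERNET = 1
IPPROTO_TCP, IPPROTO_UDP = 6, 17
SIP_PORT = 5060


def build_frame(proto: int, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet/IPv4/{UDP,TCP} frame with constructed addresses (checksums zeroed)."""
    if proto == IPPROTO_UDP:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:  # minimal TCP header: data offset 5 words, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4


def write_pcap(path: str, frames: List[bytes]) -> None:
    """Write frames in the classic pcap layout (24-byte global header, 16-byte record headers)."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, frame in enumerate(frames):  # one constructed packet per second
            f.write(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)


def read_pcap(path: str) -> Iterator[bytes]:
    """Yield each captured frame; handles both byte orders and a truncated tail."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        if len(hdr) < 24:
            raise ValueError("file too short to be a pcap")
        endian = "<" if struct.unpack("<I", hdr[:4])[0] == PCAP_MAGIC else ">"
        if struct.unpack(endian + "I", hdr[:4])[0] != PCAP_MAGIC:
            raise ValueError("not a classic pcap file (pcapng is not handled here)")
        if struct.unpack(endian + "I", hdr[20:24])[0] != LINKTYPE_ETHERNET:
            raise ValueError("only the Ethernet link type is handled here")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break
            incl_len = struct.unpack(endian + "IIII", rec)[2]
            data = f.read(incl_len)
            if len(data) < incl_len:  # capture stopped mid-record (e.g. Ctrl+C)
                break
            yield data


def classify(frame: bytes) -> str:
    """Return 'sip', 'rtp' or 'other' for one Ethernet frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "other"                       # not IPv4
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    l4 = frame[14 + ihl:]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP) or len(l4) < 8:
        return "other"
    sport, dport = struct.unpack("!HH", l4[:4])
    if proto == IPPROTO_UDP:
        payload = l4[8:]
    else:
        if len(l4) < 20:
            return "other"
        payload = l4[(l4[12] >> 4) * 4:]     # skip the TCP header (data offset in words)
    first_line = payload.split(b"\r\n", 1)[0]
    if SIP_PORT in (sport, dport) or first_line.startswith(b"SIP/2.0") \
            or first_line.endswith(b" SIP/2.0"):
        return "sip"
    # RTP heuristic (assumption): UDP, RTP version 2 in the top two bits, and
    # not an RTCP packet type (200-204) in the second byte.
    if proto == IPPROTO_UDP and len(payload) >= 12 and payload[0] >> 6 == 2 \
            and not 200 <= payload[1] <= 204:
        return "rtp"
    return "other"


def filter_sip_rtp(path: str) -> List[Tuple[int, str]]:
    """Like the ``sip || rtp`` display filter: (packet number, kind) for matching packets."""
    matches = []
    for number, frame in enumerate(read_pcap(path), start=1):
        kind = classify(frame)
        if kind != "other":
            matches.append((number, kind))
    return matches


def demo_capture_path() -> str:
    """Write a constructed four-packet trace to a temp file and return its path."""
    rtp = bytes([0x80, 0x08]) + struct.pack("!HII", 1, 160, 0xDEADBEEF) + b"\x00" * 20
    dns = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
           b"\x03www\x07example\x03com\x00\x00\x01\x00\x01")
    frames = [
        build_frame(IPPROTO_UDP, 5060, 5060, b"INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"),
        build_frame(IPPROTO_UDP, 53000, 53, dns),
        build_frame(IPPROTO_UDP, 16384, 16386, rtp),
        build_frame(IPPROTO_TCP, 5060, 40000, b"SIP/2.0 200 OK\r\nCSeq: 1 INVITE\r\n\r\n"),
    ]
    path = tempfile.NamedTemporaryFile(suffix=".pcap", delete=False).name
    write_pcap(path, frames)
    return path


if __name__ == "__main__":
    for number, kind in filter_sip_rtp(demo_capture_path()):
        print(f"packet {number}: {kind}")
```

Running the script prints packets 1, 3 and 4 (the two SIP messages and the RTP packet); the DNS query is dropped just as it would be by the display filter. Files written by dumpcap -w on current Wireshark versions are pcapng rather than classic pcap, which this reader deliberately rejects instead of misparsing; the truncated-record check mirrors what happens when a capture is interrupted with Ctrl+C.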