Using Wireshark to Capture Network Traffic

WiresharkWhen troubleshooting certain issues, it is useful to know what information is being sent and received over the network. This makes it possible to close in on the source of the problem encountered. Information transmitted on the network can be captured using a network packet analyzer such as Wireshark.

Wireshark (and network packet analyzers in general) are rather advanced tools, which are used to analyze network traffic being transmitted on the network. Wireshark is able to analyze the structure of different network protocols, including SIP and other protocols used in VOIP calls. It is thus a perfect tool to troubleshoot issues with VOIP calls, and other issues related to registering of devices, issues related to BLF lights and negotiation of codecs between the PBX and devices.

In addition, network captures can be correlated to the 3CX Phone System log files, giving a better picture of the situation being troubleshooted. Because of this, 3CX support team often require the 3CX Phone System log files in addition to the Wireshark network capture file. The 3CX Phone System log files can be gathered using the procedure found at link to other blog article

Use the following procedure to download Wireshark and generate a capture file:

  1. Download the latest version of Wireshark from http://www.wireshark.org/download.html. There is a download for 32-bit and a separate download for 64-bit operating systems – make sure you download the correct version.
  2. Install Wireshark by double clicking on the installation file and following the prompts.
  3. Start Wireshark the Wireshark program group.
  4. Go to Capture – Interfaces. This shows a list of network interfaces found on the server. You will need to select the network interface that you would like to capture traffic from. The IP addresses may be shown in IPv6. Click on the IP address to show IPv4 address assigned to the NIC card.
    Select the interface from which Wireshark will record network traffic
  5. Click on the Options button for the Network Interface card chosen.
  6. Unselect “Capture Traffic in promiscuous mode”, and leave all the other settings as default. Click the Start button to start the network capture.
    Wireshark Capture Options
  7. Reproduce the issue, noting the following were applicable:
  • Called number
  • Calling number
  • Extension numbers
  • Any other entities, internal or external involved in replicating the issue
  • The exact time the issue was replicated. You need to get this from the clock on the server running 3CX Phone System
  • The route taken by the call
  • Any other information you think could be relevant
  • Once the problem has been reproduced, you can stop the network capture from Capture – Stop (or by clicking the stop button –  Wireshark stop button)
  • You need to save the network capture from File – Save As
  • Give a name to the network capture. Leave the Save as type as default (i.e. the file should be saved as pcap)
  • Attach the Wireshark network capture file to the support ticket together with the 3CX Phone System support files.



Article source: http://feedproxy.google.com/~r/3CXVoIPBlog/~3/q0vnSappOGg/

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
This entry was posted in 3CX Phone System and tagged , , , . Bookmark the permalink.

Comments are closed.