How to capture SIP trunk traces with Wireshark using a Capture Filter
Contents
Introduction
Network Preparation
Wireshark
    Data Collection
    Data Analysis
Introduction
This document provides an engineer with clear instructions on how to:
1/. Use Wireshark to capture SIP trunk call information (the SIP ladder).
If you are going to use Wireshark as a Diagnostic Tool there are a couple of options
available when capturing data.
Option 1
Capture everything
This is great if you don’t need to leave the trace running for a while. As you are
capturing everything, if you are on a busy network, it will not take long before your
capture file becomes a monster. As well as taking up valuable disk space you will
then have the problem of finding the few lines that you require, the proverbial ‘Needle
in a haystack’.
Option 2
Learn how to use capture filters
Capture filters restrict the data you are collecting to the correct type or IP address or
similar.
So, in this example we are going to use a capture filter so that all we are going to see
is data from port 5060. This is great if you are diagnosing issues with the SIP call
setup, teardown or similar.
What you will not get is the audio stream, therefore if the issue is the quality of the
call then this report is not for you.
If the issue is that, occasionally, some calls do something a little strange, then
this may be just what you are looking for.
Network Preparation
1/. Configure a monitoring port on a network switch and select the ports to be
monitored.
OR
A hub could be placed between the Mitel 3300 controller and the network port, the
laptop could be plugged into the hub.
Wireshark
Data Collection
1/. Attach the laptop to the monitoring port (or hub).
2/. Select the interface that Wireshark should use to capture packets.
This is the first icon below the word ‘File’, or ‘Interface List’ on the screen
below.
If you are given a list of interfaces then generally you want the one with the largest
increasing number below the word ‘Packets’.
3/. Next we want to sort out our capture options.
Click on ‘Capture Options’.
4/. In the Capture Options form type
port 5060
into the field opposite the Capture Filter button.
Click ‘Start’.
5/. The screen will start to fill with data once SIP calls start to be made.
Once you have sufficient data click on ‘Stop the current live capture’ and save the file.
Data Analysis
1/. Go to Telephony -> VoIP Calls
2/. You should then get a window something like this;
Each line represents one SIP call.
Highlight the required call and click on ‘Prepare Filter’.
3/. The filter will be inserted into the filter window; clicking on ‘Apply’
will then display only the packets from your selected call.
4/. Return to step 1 of Data Analysis:
Go to Telephony -> VoIP Calls
5/. You will then go back to the window like this;
However, this time
highlight the required call and click on ‘Graph’.
6/. This time you will be presented with the ‘SIP Ladder’.
Here you can see the call setup
Who originated the call
Who they were calling
The codecs which were offered
The phone Ringing
The codecs being used to carry the voice part of the call
The call being hung up
And the hang up being acknowledged.
NOTE
Sometimes there can be a delay between the call being hung up (on the Mitel) and it
being acknowledged by the network. This results in a number of packets being
received by the Mitel after the extension user has cleared down. These will be
reported in the logs as a ‘Zombie Call’