Capturing VoIP Traffic with Wireshark to Troubleshoot Network Problems

Wireshark allows you to capture and analyze VoIP network traffic and packet data from the NEC SL2100 and SL1100. This is a must-read for installers working with or troubleshooting VoIP issues.

Hardware Requirements

  • NEC SL2100 KSU or NEC SL1100 KSU with VoIP daughterboard Card
  • NEC IP Phone
  • Half Duplex connections are not supported
  • Preferably a laptop with a 10/100 or 10/100/1000 Ethernet interface card
  • A managed switch capable of port mirroring 
  • (3) Cat5e or Cat6 Ethernet Cables

Software Requirements

Wireshark Windows Installer

Notes

  • If this is a capture of a connection between a phone system and a VoIP phone, simultaneous real-time captures from both ends will be required for troubleshooting.
     
  • A Hub cannot be used because the VoIP daughterboard requires a full duplex 100/1000 Ethernet connection. All Hubs are half duplex devices and most are 10mbps only devices.

Before Capturing Data

1. Make sure that the phone system is powered on and is configured on the same network that you will be capturing traffic on

2. Install and open Wireshark

3. Select the interface you wish to capture on (ie. Local Area Connection)

4. Click start.

5. You should see data packets being captured in the Wireshark capture window

Ensure that RTP and/or SIP Traffic is Being Captured

1. Stop the capture and use the Filter to search for “rtp” and/or “sip” (lowercase only)

2. Type “rtp” in to the filter text box and click apply. Confirm that RTP traffic is being captured



3. Type “sip” in to the filter text box and click apply. Confirm that SIP traffic is being captured. (if applicable)



4. Close the capture (File -> Close)

5. Click “Continue without Saving”

Capturing the Data

1. Start a new capture

2. Make test calls and perform whatever actions are necessary to reproduce the problem you’re having

NOTE: If this is a capture of a connection between a phone system and a remote VoIP phone, simultaneous real-time captures from both ends will be required for troubleshooting.

3. Click the stop button after sufficient data has been captured

4. Save the capture (File -> Save As)

5. Email the capture to us at support@mytechdistributors.com along with a description of the problem you’re experiencing

6.  Lastly, NEC will need any and all SIP management features with SIP ALG in particular to be disabled on all modems and routers/switches involved.