
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 847

How to analyze the Network Traffic Using Wireshark


I have Wireshark installed on my Windows 2003 server. I have a VoIP softswitch on my Windows 2003 server.
I have VoIP ATAs (VoIP phones) installed at a couple of customer locations. Since yesterday, I see that some of my clients are not able to register with my server, but others are able to register, though they are using the same ISP. This happens only in one country, and in the other country it just works without any issue. I need to analyze what's happening and where it's getting lost.

I am very new to Wireshark. Please help. I have the customer IPs which are able to register, and I also have the customer IPs which are not able to register.

2 Solutions
Hello Sam2009,

I hope the following article will help you understand the issue.

Good Luck!
Sam2009 (Author) Commented:
Hello myramu,

This example is useful for calls hitting the VoIP softswitch. My issue is before calls hitting. My unit doesn't register, so it won't be able to make calls.

Sam2009 (Author) Commented:
@myramu

I need to add VoIP also to the zone list. How do I do it now?

Bill Bach (President) Commented:
Without going in depth into the VoIP protocols, there is an easier way. First, determine the IP address of a working system. Create a capture filter in WS of "host xx.xx.xx.xx" with the IP address. Then, connect up the phone and stop the capture when done.

Then, do the same thing with a nonworking phone. Go line by line through the two traces side by side looking for discrepancies.

Note that some traffic may not be making it past a firewall on the client side. You may need to set up WS on the side of each client as a second comparison point.
noci (Software Engineer) Commented:
Calls hitting your voipswitch are different from registers... But that is content.
Both are part of the SIP protocol. If you are missing any SIP packets then that is the first clue...

So if you have a SIP recording from restarting an ATA it should show a setup using SIP...
If there is no SIP then a call may not happen.

greg ward Commented:
If the ATA uses SIP then you will see data on port 5060 UDP (so long as it's on default settings).
Set Wireshark to capture data and run a filter to see if there is anything.
If there is no data I would suggest checking your config and, if that fails, setting up a VPN tunnel between the two sites, as it looks like the ISP is blocking the VoIP traffic.
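
The side-by-side comparison suggested in the answers above, as an added example that is not part of any post: this Python sketch classifies each client by what a server-side capture shows for its SIP REGISTER transaction. The IP addresses, the trimmed SIP messages and the function name `summarize` are constructed for illustration; real input would be the SIP payloads exported from the UDP 5060 capture.

```python
import re
from collections import defaultdict

SERVER = "192.0.2.10"  # constructed softswitch address (documentation range)

# Constructed sample: (source IP, destination IP, trimmed SIP text from UDP 5060).
PACKETS = [
    ("198.51.100.7", SERVER, "REGISTER sip:pbx.example SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"),
    (SERVER, "198.51.100.7", "SIP/2.0 401 Unauthorized\r\nCSeq: 1 REGISTER\r\n\r\n"),
    ("198.51.100.7", SERVER, "REGISTER sip:pbx.example SIP/2.0\r\nCSeq: 2 REGISTER\r\n\r\n"),
    (SERVER, "198.51.100.7", "SIP/2.0 200 OK\r\nCSeq: 2 REGISTER\r\n\r\n"),
    ("203.0.113.9", SERVER, "REGISTER sip:pbx.example SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"),
    (SERVER, "203.0.113.9", "SIP/2.0 403 Forbidden\r\nCSeq: 1 REGISTER\r\n\r\n"),
    ("203.0.113.50", SERVER, "REGISTER sip:pbx.example SIP/2.0\r\nCSeq: 1 REGISTER\r\n\r\n"),
]

# Start line is either a response ("SIP/2.0 200 OK") or a request ("REGISTER uri SIP/2.0").
START = re.compile(r"^(?:SIP/2\.0 (\d{3})|([A-Z]+) \S+ SIP/2\.0)")
CSEQ = re.compile(r"^CSeq:\s*\d+\s+(\w+)", re.I | re.M)

def summarize(packets, server, clients):
    """Return {client_ip: verdict} for REGISTER traffic seen at the server."""
    sent = defaultdict(int)      # REGISTER requests received from each client
    codes = defaultdict(list)    # status codes the server sent back to each client
    for src, dst, text in packets:
        start, cseq = START.match(text), CSEQ.search(text)
        if not start or not cseq or cseq.group(1).upper() != "REGISTER":
            continue             # not SIP, or not part of a REGISTER transaction
        if start.group(2) == "REGISTER" and dst == server:
            sent[src] += 1
        elif start.group(1) and src == server:
            codes[dst].append(int(start.group(1)))
    verdicts = {}
    for ip in clients:
        if not sent[ip]:
            verdicts[ip] = "no REGISTER reached the server"
        elif not codes[ip]:
            verdicts[ip] = "REGISTER arrived, server sent no reply"
        elif 200 in codes[ip]:
            verdicts[ip] = "registered"
        else:
            verdicts[ip] = f"rejected, last status {codes[ip][-1]}"
    return verdicts

if __name__ == "__main__":
    wanted = ["198.51.100.7", "203.0.113.9", "203.0.113.50", "203.0.113.77"]
    for ip, verdict in summarize(PACKETS, SERVER, wanted).items():
        print(ip, "->", verdict)
```

A client that never appears in the server-side capture points to loss before the server, which is the case where a second capture on the client side becomes the useful comparison point.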

