How to analyze the Network Traffic Using Wireshark


I have Wireshark installed on my Windows 2003 server. I have a VoIP softswitch on my Windows 2003 server.
I have VoIP ATAs (VoIP phones) installed at a couple of customer locations. Since yesterday, I see that some of my clients are not able to register with my server, but others are able to register, though they are using the same ISP. This happens only in one country, and in the other country it just works without any issue. I need to analyze what's happening and where it's getting lost.

I am very new to Wireshark. Please help. I have the customer IPs which are able to register, and I also have the customer IPs which are not able to register.

Bill Bach, President, Commented:
Without going deep in depth to the VoIP protocols, there is an easier way. First, determine the IP address of a working system. Create a capture filter in WS of "host xx.xx.xx.xx" with the IP address. Then, connect up the phone and stop the capture when done.

Then, do the same thing with a nonworking phone. Go line by line through the two traces side by side looking for discrepancies.

Note that some traffic may not be making it past a firewall on the client side. You may need to set up WS on the side of each client as a second comparison point.
Hello Sam2009,

I hope the following article will help you understand the issue.

Good Luck!
Sam2009, Author, Commented:
Hello myramu,

This example is useful for calls hitting the VoIP softswitch. My issue is before calls hitting. My unit doesn't register, so it won't be able to make calls.

Sam2009, Author, Commented:
@myramu

I need to add VoIP also to the zone list. How do I do it now?
noci, Software Engineer, Commented:
Calls hitting your voipswitch are different from registers... But that is content.
Both are part of the SIP protocol. If you are missing any SIP packets then that is the first clue...

So if you have a SIP recording from restarting an ATA it should show a setup using SIP...
If there is no SIP then a call may not happen.

greg ward, Systems Engineer, Commented:
If the ATA uses SIP then you will see data on port 5060 UDP (so long as it's on default settings).
Set Wireshark to capture data and run a filter to see if there is anything.
If there is no data I would suggest checking your config, and if that fails, setting up a VPN tunnel between the two sites, as it looks like the ISP is blocking the VoIP traffic.
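
Added example, not part of any reply in this thread: a Python sketch of the working/non-working comparison described above, applied to SIP REGISTER traffic as seen on the softswitch. It assumes the capture has already been decoded into (source IP, destination IP, SIP text) tuples; all addresses, the helper `msg`, and the function `register_outcomes` are constructed for illustration.

```python
import re

SERVER = "192.0.2.10"  # constructed softswitch address (documentation range)

def msg(first_line, cseq):
    """Build a minimal constructed SIP message for the sample below."""
    return f"{first_line}\r\nCSeq: {cseq} REGISTER\r\n\r\n"

REQ = "REGISTER sip:pbx.example SIP/2.0"
# Constructed sample of decoded UDP/5060 traffic captured on the server side.
PACKETS = [
    ("198.51.100.20", SERVER, msg(REQ, 1)),
    (SERVER, "198.51.100.20", msg("SIP/2.0 401 Unauthorized", 1)),
    ("198.51.100.20", SERVER, msg(REQ, 2)),
    (SERVER, "198.51.100.20", msg("SIP/2.0 200 OK", 2)),
    ("203.0.113.7", SERVER, msg(REQ, 1)),
    (SERVER, "203.0.113.7", msg("SIP/2.0 401 Unauthorized", 1)),
    ("203.0.113.7", SERVER, msg(REQ, 1)),   # same CSeq again: a retransmission
    ("198.51.100.77", SERVER, msg(REQ, 1)),  # request with no reply in capture
]

def register_outcomes(packets, server, clients):
    """Classify each client IP by what the server-side capture shows."""
    seen = {c: {"requests": 0, "codes": []} for c in clients}
    for src, dst, payload in packets:
        first = payload.split("\r\n", 1)[0]
        cseq = re.search(r"^CSeq:\s*\d+\s+(\w+)", payload, re.M | re.I)
        if not cseq or cseq.group(1).upper() != "REGISTER":
            continue  # not part of a REGISTER transaction
        if dst == server and src in seen and first.startswith("REGISTER "):
            seen[src]["requests"] += 1
        elif src == server and dst in seen:
            status = re.match(r"SIP/2\.0 (\d{3})", first)
            if status:
                seen[dst]["codes"].append(int(status.group(1)))
    result = {}
    for client, s in seen.items():
        if s["requests"] == 0:
            result[client] = "no-traffic"   # nothing on 5060 reached the server
        elif 200 in s["codes"]:
            result[client] = "registered"
        elif s["codes"]:
            result[client] = "answered-without-200"  # e.g. only 401 seen
        else:
            result[client] = "no-reply"     # server never answered the request
    return result
```

A client classified as "no-traffic" points to filtering before the server, while "answered-without-200" with repeated requests suggests the server's replies are not reaching the client, which is where a second capture on the client side helps.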

Question has a verified solution.
