Solved

How to analyze the Network Traffic Using Wireshark

Posted on 2011-05-11
Last Modified: 2012-05-11
Greetings,

I have Wireshark installed on my Windows 2003 server. I have a VoIP softswitch on my Windows 2003 server.
I have VoIP ATAs (VoIP phones) installed at a couple of customer locations. Since yesterday, I see that some of my clients are not able to register with my server, but others are able to register, though they are using the same ISP. This happens only in one country, and in another country it just works without any issue. I need to analyze what's happening and where it's getting lost.

I am very new to Wireshark. Please help. I have the customer IPs which are able to register; I also have the customer IPs which are not able to register.

Regards
Question by:Sam2009
5 Comments
 
LVL 15

Expert Comment

by:greg ward
ID: 35739951
I would suggest you start here.
This will enable you to filter just the ip addresses you need and then build up more complex filters.

http://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

Greg
0
 

Author Comment

by:Sam2009
ID: 35740147
Dear greg,

Thank you for the link. It was useful in filtering the packets based on IP. I started a live capture on the NIC card and then I filtered on the IP that is not registering. Now how do I analyze it?

regards
0
 
LVL 15

Accepted Solution

by:
greg ward earned 1000 total points
ID: 35740705
When you have the capture you will be able to open each packet and see what is inside.
You will be able to see the difference inside the packets between what works and what does not.

Not sure if you would want to post the data on here as it will contain public IP addresses.

Greg
0
 
LVL 7

Assisted Solution

by:printnix63
printnix63 earned 1000 total points
ID: 35741051
When you look further into the description, you have, besides IP addresses
ip.addr==<ip>
ip.src==<ip>
ip.dst==<ip>

also a possibility to just look for a certain protocol by using
smtp
snmp
dns
ldap
and so on.

Then, when you have filtered on your address, you could, in case it is a TCP stream, right-click a captured packet and select "Follow TCP Stream".

This will show you the particular communication this packet is from. If you have UDP packets, this will not work. Maybe it helps you further.
0
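Added example (not part of the original thread): one way to do the working-versus-failing comparison suggested in the accepted solution, using the per-address filtering from the answer above. It assumes the ATAs register over SIP, which the thread does not state; the rows are constructed and mimic a tab-separated export of the Wireshark fields ip.src, ip.dst, sip.Method and sip.Status-Code, already limited to REGISTER transactions.

```python
# Added example: summarize registration outcomes per client IP from a capture
# taken on the softswitch. Assumption: the phones register over SIP.
# Columns: time, ip.src, ip.dst, sip.Method (requests), sip.Status-Code (responses).
from collections import defaultdict

SERVER = "192.0.2.10"  # constructed softswitch address (documentation range)

# Constructed sample rows; every address and timing here is made up.
SAMPLE = (
    "0.00\t198.51.100.7\t192.0.2.10\tREGISTER\t\n"
    "0.02\t192.0.2.10\t198.51.100.7\t\t401\n"
    "0.10\t198.51.100.7\t192.0.2.10\tREGISTER\t\n"
    "0.12\t192.0.2.10\t198.51.100.7\t\t200\n"
    "1.00\t203.0.113.5\t192.0.2.10\tREGISTER\t\n"
    "1.50\t203.0.113.5\t192.0.2.10\tREGISTER\t\n"
    "2.50\t203.0.113.5\t192.0.2.10\tREGISTER\t\n"
    "3.00\t203.0.113.9\t192.0.2.10\tREGISTER\t\n"
    "3.02\t192.0.2.10\t203.0.113.9\t\t403\n"
)

def summarize(text, server=SERVER):
    """Return {client_ip: {"requests": n, "responses": [status codes]}}."""
    stats = defaultdict(lambda: {"requests": 0, "responses": []})
    for line in text.splitlines():
        if not line.strip():
            continue
        _time, src, dst, method, status = line.split("\t")
        if dst == server and method == "REGISTER":
            stats[src]["requests"] += 1          # request arriving at the server
        elif src == server and status:
            stats[dst]["responses"].append(int(status))  # server's answer
    return dict(stats)

def diagnose(stats, client_ip):
    """Say where the registration of one client stops, as seen at the server."""
    entry = stats.get(client_ip)
    if entry is None or entry["requests"] == 0:
        return "no REGISTER reached the server (lost before the capture point)"
    codes = entry["responses"]
    if not codes:
        return "REGISTER arrived but the server sent no reply"
    if 200 in codes:
        return "registered"
    return "not registered; last status %d" % codes[-1]

if __name__ == "__main__":
    table = summarize(SAMPLE)
    for ip in ("198.51.100.7", "203.0.113.5", "203.0.113.9", "198.51.100.99"):
        print(ip, "->", diagnose(table, ip))
```

A client that never appears in the server-side capture points at the path between customer and server; a client whose requests arrive but get no reply, or a rejection, points at the softswitch itself.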
 

Author Comment

by:Sam2009
ID: 35764757
Hello,

I think I fixed it. Your comments fixed it.

Thanks
0


Question has a verified solution.
