Using Wireshark to Capture Network Traffic

When troubleshooting certain issues, it is useful to know what information is being sent and received over the network. This makes it possible to close in on the source of the problem encountered. Information transmitted on the network can be captured using a network packet analyser such as Wireshark.

Wireshark (and network packet analysers in general) are advanced tools, which are used to analyse network traffic being transmitted on the network. Wireshark is able to analyse the structure of different network protocols, including SIP and other protocols used in VoIP calls. It is thus a perfect tool to troubleshoot issues with VoIP calls, and other issues related to registering of devices, issues related to BLF lights and negotiation of codecs between the PBX and devices.

In addition, network captures can be correlated with 3CX Phone System log files, giving a better picture of the situation being troubleshooted. Because of this, 3CX support team often require the 3CX Phone System log files in addition to the Wireshark network capture file. The 3CX Phone System log files can be gathered using this procedure.

Use the following procedure to download Wireshark and generate a capture file:

  1. Download the latest version of Wireshark from http://www.wireshark.org/download.html. There are 32-bit and 64-bit versions – make sure to download the correct version.
  2. Install and start Wireshark.
  3. Go to “Capture” > “Interfaces”. This shows a list of network interfaces found on the server. You will need to select the network interface that you would like to capture traffic from. The IP addresses may be shown in IPv6. Click on the IP address to show IPv4 address assigned to the NIC card.
    Wireshark_ Capture Interfaces
  4. Select the interface that you wish to capture traffic from and click on the “Options” button.
  5. Untick “Capture Traffic in promiscuous mode”, and leave all the other settings as default. Click the “Start” button to start the network capture.
    Wireshark_ Capture Options
  6. Reproduce the issue, noting the following were applicable:
    • Called number.
    • Calling number.
    • Extension numbers.
    • Any other entities, internal or external involved in replicating the issue.
    • The exact time the issue was replicated. You need to get this from the clock on the server running 3CX Phone System.
    • The route taken by the call.
    • Any other information you think could be relevant.
  7. Once the problem has been reproduced, you can stop the network capture from “Capture” > “Stop” (or by clicking the stop button  wireshark stop)
  8. You need to save the network capture from “File” > “Save As”.
  9. Give a name to the network capture. Leave the “Save as type” as default.
  10. Attach the Wireshark network capture file to the support ticket together with the 3CX Phone System support files.

Liked this article?


Get notified of new articles
or share
You might also be interested in:
  1. Pingback: SIP Trunks | SIP Trunking » Using Wireshark to Capture Network Traffic