Using Wireshark to Log Interfaces

Scope

Here is a procedure for setting up rolling packet captures on a Telos-commissioned Asterisk* SIP server.

* Any information provided here regarding "Wireshark," "Asterisk" or "FreePBX" servers refers only to Telos-commissioned FreePBX (Asterisk) servers used with Telos Alliance telephony products. While these are third-party servers and software, we are able to provide limited pointers and advice (like this article) under normal support. 

We are also happy to provide advanced, dedicated support and training on a VX and FreePBX* system through various paid TelosCare Service Level Agreement options, or a la carte via our Dedicated Remote and Onsite Support service. Please use the Contact Us link above for more information on these options. We can guide you through this entire process.

Description

Sometimes the causes of issues experienced with telephony gear are rather ambiguous. In a few of these cases, it becomes necessary to take packet captures of the Asterisk* server's network interfaces to prove where the problem is originating. These packet captures can be very large, so you'll need to configure Wireshark* to manage the data it's saving to your server to avoid filling up the disk and crashing the system. If your Asterisk* server was built by Announcement Technologies or commissioned by Telos, there should already be a version of Wireshark* installed. Below, we'll show you one way to do this.

1) Log in to Asterisk* and start XWindow

2) Start Wireshark*

From the menu bar in xWindow, go to Applications -> Internet and choose Wireshark Network Analyzer.

3) Create a Capture Session

When Wireshark* opens, click Interface List under the Capture section:

This will bring up a list of interfaces available to capture from. In this example, we'll tell it to look at any interface. Once we've done that, click Options:

In the options window, click Browse under Capture File(s)

This is where you will tell Wireshark* where to save the packet captures. We'll usually create a new folder on the Desktop. Once you've created / selected the folder, name the session and click OK. (In this example we have created a folder on the Desktop called "troubleshoot" and we have named the session "capture".)

4) Configure a Rolling Packet Capture

Once you've created a folder and a name for the session and have clicked OK, you will be brought back to the capture options window.

Under Capture File(s):

  • Check Use multiple files
  • Check Next file every and set this to 500MB
  • Check Ring buffer with and configure for 6 files

This will create a rolling packet capture that will start a new file every 500MB. The logger will keep up to 6 of these files before it starts rolling, i.e. deleting the oldest file each time a new one is started. This means that the captures will take up a max of 3GB (6 x 500MB) on your disk. BE SURE YOU HAVE ENOUGH SPACE ON YOUR DISK!

Then under Display Options,

  • Uncheck Update list of packets in real time
  • Uncheck Hide Capture info dialog

Finally, click Start.

This begins the capture process, which will continue running until you stop it.
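For servers where you would rather start the same rolling capture from a terminal (for example over SSH, with no XWindow session), the script below is an added example and is not part of the Telos article or the Wireshark project. It mirrors the settings from steps 3 and 4 using dumpcap, the capture tool that ships with Wireshark, and checks the free space against the ring buffer's 3GB budget before starting, which is the caveat the step above shouts about. The Desktop folder path and the "any" interface are assumptions; adjust CAPTURE_DIR and SESSION_NAME to the folder and session name you chose in step 3.

```shell
#!/bin/sh
# Added example, not from the Telos article: command-line equivalent of steps 3 and 4.
# Assumes dumpcap (installed with Wireshark) is on PATH and that the user running it
# may open the capture interfaces (root, or a member of the wireshark group).

CAPTURE_DIR="${CAPTURE_DIR:-$HOME/Desktop/troubleshoot}"   # folder from step 3 (assumed path)
SESSION_NAME="${SESSION_NAME:-capture}"                    # session name from step 3
FILE_SIZE_MB=500                                           # "Next file every" from step 4
RING_FILES=6                                               # "Ring buffer with" from step 4

# Most disk the ring buffer can ever use, in MB: at most $2 files of $1 MB each.
ring_budget_mb() {
    echo $(( $1 * $2 ))
}

# Return 0 when the filesystem holding $1 has at least $2 MB free, else 1.
# df -P gives fixed POSIX columns; -k (not -m) is the portable unit, so convert.
has_free_space_mb() {
    dir=$1
    need_mb=$2
    avail_kb=$(df -Pk "$dir" | awk 'NR==2 {print $4}')
    [ -n "$avail_kb" ] || return 1
    [ $(( avail_kb / 1024 )) -ge "$need_mb" ]
}

# Compose the dumpcap command that matches the GUI settings:
#   -i any          capture on every interface (step 3)
#   -b filesize:N   start a new file after N kB (500MB -> 500000 kB)
#   -b files:6      keep 6 files, deleting the oldest (ring buffer)
#   -w <path>       base name; dumpcap appends a sequence number and timestamp
build_capture_cmd() {
    dir=$1; name=$2; size_mb=$3; files=$4
    echo "dumpcap -i any -b filesize:$(( size_mb * 1000 )) -b files:$files -w '$dir/$name.pcapng'"
}

# Pre-flight check, then run the capture in the foreground until interrupted.
start_rolling_capture() {
    budget=$(ring_budget_mb "$FILE_SIZE_MB" "$RING_FILES")
    mkdir -p "$CAPTURE_DIR" || return 1
    if ! has_free_space_mb "$CAPTURE_DIR" "$budget"; then
        echo "Not enough free space in $CAPTURE_DIR: ring buffer needs ${budget}MB" >&2
        return 1
    fi
    cmd=$(build_capture_cmd "$CAPTURE_DIR" "$SESSION_NAME" "$FILE_SIZE_MB" "$RING_FILES")
    echo "Starting: $cmd"
    eval "$cmd"
}

# Sourcing the file only defines the functions; "sh rolling_capture.sh run" starts capturing.
if [ "${1:-}" = "run" ]; then
    start_rolling_capture
fi
```

The free-space check compares against the full 3GB the ring can grow to, not the size of a single file, because the disk only has to hold the first six files before any rolling starts. Stop the capture with Ctrl-C; the files land in the same folder the GUI procedure uses, so step 5 applies unchanged.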

5) Gathering and Sending Results

Once the issue has been reproduced, make note of the time it happened, the time it stopped happening, and the caller ID that was displayed or the number that was dialed when the issue occurred. This gives us a place to start looking.

  • Click the Stop button on the capture info dialog to stop the recording
  • Plug a USB thumb drive into the Asterisk*
  • Go to the Desktop in xWindow and drag the folder you created to the thumb drive
  • Send us the files for analysis along with the information described above.

These files can get rather large. If you are able to stop the packet capture immediately after recreating the problem, you can send us the latest file in the folder, which will be 500MB or smaller (according to our configuration here). Keep the remaining files handy just in case you are asked to provide them.
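When even the latest 500MB file is too big to send comfortably, the start and stop times you noted above are enough to cut it down to just the incident. The script below is an added example, not part of the Telos article: it picks the newest file in the capture folder (the one that was still being written when you clicked Stop) and builds an editcap command, using the editcap tool that ships with Wireshark, that keeps only the packets inside the window. The folder and file names are placeholders; the timestamp format is whatever the installed editcap expects (older releases take "YYYY-MM-DD hh:mm:ss", Wireshark 3.x takes ISO 8601 "YYYY-MM-DDThh:mm:ss").

```shell
#!/bin/sh
# Added example, not from the Telos article: trim the newest ring-buffer file to
# the incident window from step 5. Assumes editcap (installed with Wireshark) is on PATH.

# Newest capture file in the folder, by modification time; fails if the folder is empty.
latest_capture() {
    dir=$1
    f=$(ls -t "$dir"/*.pcap* 2>/dev/null | head -n 1)
    [ -n "$f" ] || return 1
    echo "$f"
}

# Compose the editcap command that keeps packets timestamped between START and STOP.
# -A keeps packets at or after START, -B keeps packets at or before STOP; pass the
# times in the format your editcap version documents (see the lead-in).
build_trim_cmd() {
    infile=$1; start=$2; stop=$3; outfile=$4
    echo "editcap -A '$start' -B '$stop' '$infile' '$outfile'"
}

# Find the newest file and write the trimmed copy to OUT, leaving the original intact
# so the full file is still available if support asks for it.
trim_latest_to_window() {
    dir=$1; start=$2; stop=$3; out=$4
    src=$(latest_capture "$dir") || { echo "no capture files in $dir" >&2; return 1; }
    cmd=$(build_trim_cmd "$src" "$start" "$stop" "$out")
    echo "Running: $cmd"
    eval "$cmd"
}

# Usage: sh trim_capture.sh run <capture_dir> <start> <stop> <output_file>
# e.g.   sh trim_capture.sh run ~/Desktop/troubleshoot '2024-01-01 10:31:00' '2024-01-01 10:34:00' incident.pcapng
if [ "${1:-}" = "run" ] && [ "$#" -eq 5 ]; then
    trim_latest_to_window "$2" "$3" "$4" "$5"
fi
```

Leave a minute or two of margin on either side of the window you noted, since the clock on the server and the clock you read the time from may not agree, and send the trimmed file together with the caller ID or dialled number from step 5.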

Let us know how we can help

If you have further questions on this topic or have ideas about how we can improve this document, please contact us.