|
Check out these great references as well: |
| Our custom profiles repository for Wireshark |
| Our Udemy course on Wireshark |
| Our Udemy course on Wireless Packet capture |
As more and more of you are moving to Voice over IP, you will want to use Wireshark to do voice analysis. But first, you may want to run a capture somewhere. As many of you know, tshark is the command line version of Wireshark. Here are some usage examples for tshark and capture of packet voice:
| tshark Objective | tshark Command |
| Capture all SIP on specified port and switch files every hour | tshark -nq -i eth0 -b duration:3600 -w /tmp/trace/sip.pcap port 5080 |
| Filter on SIP and all RTP packets | tshark -S -w capture.pcap -f “(udp port sip) or (udp[1] & 1 != 1 && udp[3] & 1 != 1 && udp[8] & 0x80 == 0x80 && length < 250)” |
| Filter on RTCP packets reporting any packet loss or jitter over 30ms | tshark -i eth0 -o “rtp.heuristic_rtp: TRUE” -R ‘rtcp.ssrc.fraction >= 1 or rtcp.ssrc.jitter >= 240’ -V |
| Capture SIP, RTP, ICMP, DNS, RTCP, and T38 traffic in a ring buffer capturing 100 50MB files continuously: | tshark -i eth0 -o “rtp.heuristic_rtp: TRUE” -w /tmp/capture.pcap -b filesize:51200 -b files:100 -R ‘sip or rtp or icmp or dns or rtcp or t38’ |
| Analyze a packet capture with SIP TLS on port 5061(replace A.B.C.D with appropriate IP address) | tshark -o “ssl.desegment_ssl_records: TRUE” \ -o “ssl.desegment_ssl_application_data: TRUE” \ -o “ssl.keys_list: A.B.C.D,5061,sip,/opt/freeswitch/conf/ssl/agent.pem” \ -o “ssl.debug_file:/tmp/tshark.log” \ -i eth0 \ -f “tcp port 5061” |
| Analyze RTP events | tshark -o “rtp.heuristic_rtp: TRUE” -R rtpevent |
| Analyze RTP Quality | sudo tshark -q -f ‘udp portrange 16384-32768’ -o rtp.heuristic_rtp:TRUE -z rtp,streams |
Comments are welcomed below from registered users. You can also leave comments at our Discord server.
If you would like to see more content and articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!