This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Remote RTP monitor of second Tomato router using dual nics

0

My setup:

One cable modem (assigned two IP Addresses) to an HP Procurve 1410-8G switch. IP Address 1 to E4200 Tomato router and home network computers. IP Address 2 to E3000 Tomato and IP Phones; Panasonic KX-TGP550T04 base unit plus 3 TPA50 remotes (no computers permanently attached). QoS and bandwidth caps keep things in order.

I have successfully used Wireshark to run a remote capture of RTP and SIP streams from the Panasonic phones on the VOIP network by attaching a netbook running Wireshark to the E3000, and I have also monitored the streams from the home network softphone using Wireshark on one of the home network computers.

I would like to monitor the voip network for a while since this is a new setup, but I don't have the luxury of leaving the netbook attached to the E3000.

Since my main computer on the home network has dual nics, I was wondering if it is possible to connect the unused nic to the voip network to monitor the Panasonic phones on the E3000 without messing up the home network, and how this might be accomplished?

The E4200 and E3000 have different network addresses (e.g. 192.168.1.1 and 192.168.2.1) and both act as DHCP servers.

asked 20 May '12, 02:35


semiarid
1111
accept rate: 0%


One Answer:

0

> I have successfully used Wireshark to run a remote capture of RTP and SIP streams from the Panasonic phones on the VOIP network by attaching a netbook running Wireshark to the E3000

Repeat exactly that with your home PC. Connect the unused 2nd nic to the E3000 in the same way you did with the netbook. I just wonder how you captured the traffic, as the switch you mentioned has no port mirroring features. Is that a feature of the E3000? Could you please comment on this?

To prevent the PC from getting an IP address from the E3000 (DHCP), either disable the "TCP/IP binding" on that nic (nic settings), or give it an arbitrary static IP address (without default gateway). Then start sniffing on that 2nd nic with Wireshark, as you did with the laptop.

Regards
Kurt

answered 20 May '12, 13:44


Kurt Knochner ♦
24.8k1039237
accept rate: 15%
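
The two options from the answer above, written out as an added example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later (NetAdapter and NetTCPIP cmdlets), an elevated prompt, and dumpcap.exe from the Wireshark installation on PATH; the adapter name, address and output folder are hypothetical.

```powershell
# Added example, not from the original answer.
# Hypothetical values: "Ethernet 2", 192.168.2.250/24, C:\captures.
param(
    [string]$Nic = 'Ethernet 2',
    [ValidateSet('Unbind', 'Static')]
    [string]$Mode = 'Unbind',
    [string]$StaticIp = '192.168.2.250',
    [string]$OutDir = 'C:\captures'
)

if ($Mode -eq 'Unbind') {
    # Option 1: remove the IPv4/IPv6 bindings so the NIC never requests a DHCP lease.
    # The capture driver binds to the adapter separately, so sniffing still works.
    Disable-NetAdapterBinding -Name $Nic -ComponentID ms_tcpip, ms_tcpip6
} else {
    # Option 2: fixed address with no -DefaultGateway, so no default route is created.
    Set-NetIPInterface -InterfaceAlias $Nic -AddressFamily IPv4 -Dhcp Disabled
    New-NetIPAddress -InterfaceAlias $Nic -IPAddress $StaticIp -PrefixLength 24 | Out-Null
}

# Check: the monitoring NIC must not own a default route, otherwise traffic from
# the home network could start leaving through the VoIP router.
$default = Get-NetRoute -InterfaceAlias $Nic -DestinationPrefix '0.0.0.0/0' `
    -ErrorAction SilentlyContinue
if ($default) {
    throw "Default route still present on $Nic; remove it before capturing."
}

# Long-running capture: UDP only (RTP and SIP over UDP), written to a ring buffer
# of 20 files x 100 MB so the disk cannot fill up while unattended.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
& dumpcap -i $Nic -f 'udp' -b filesize:102400 -b files:20 `
    -w (Join-Path $OutDir 'voip.pcapng')
```

The ring-buffer files can be opened in Wireshark afterwards and examined with the Telephony menu's RTP and VoIP call views.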