This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Avaya VoIP traffic flow

I captured the traffic for an Avaya VoIP phone with Wireshark. The user phone (10.10.10.100) is calling another user on the remote site (10.10.30.100). I am not sure I understand the flow of UDP. I don't see the conversation between 10.10.10.100 and 10.10.20.100. I only see the conversation between 10.10.10.100 and 10.10.20.1 (the IP Office). 10.10.10.100 and 10.10.20.1 are at the same location.

asked 04 Apr '14, 11:07

character9

O.K. and what is your question?

(04 Apr '14, 11:11) Kurt Knochner ♦

Why can't I see the conversation between the 2 phones? Why do I only see the conversation between the phone and the IP Office?

(04 Apr '14, 12:03) character9

Define "conversation". You mean SIP signaling? That almost never goes directly between two phones. Do you mean the RTP/RTCP media? That sometimes does and sometimes does not go directly between two phones, depending on a bunch of factors.

Or do you just mean why does Wireshark not capture packets from everywhere, even though there are packets? It can only capture the packets on the wire connected to the PC it's running on, and if you're in a switched Ethernet environment, that won't be much unless you're connected to a monitoring port. (Or are you running on wireless? That has its own issues...)

(04 Apr '14, 12:59) Hadriel

You are talking about 10.10.30.100 and then about 10.10.20.100. Is that intentional or a typo?

Furthermore: please add information about the systems. What is

  • 10.10.20.100
  • 10.10.20.1
  • where is your VoIP PBX
  • where and how did you capture

Without at least some information about your environment, it would need a clairvoyant to understand the problem ;-))

(05 Apr '14, 00:31) Kurt Knochner ♦

Yes, it is a typo. Sorry.

10.10.10.100 is the phone on site A. 10.10.30.100 is the phone on site B. 10.10.20.1 is the PBX on site A.

From my understanding of VoIP, before phone A can communicate with phone B, it needs to communicate with the Call Manager for the call setup. Once it is set up, the 2 phones can communicate directly with each other.

I don't know what is being used for voice signaling for this conversation. That is why I am using Wireshark to trace the traffic. I only see UDP traffic. I was trying to use the Telephony feature for SIP. But there are no SIP packets. I also tried VoIP calls but nothing.

(05 Apr '14, 18:09) character9

Avaya supports multiple VoIP protocols, depending on the exact software, version, etc. - a common one is SIP, but they do H.323 as well, and probably some proprietary stuff I don't know about.

The easiest way to help you is if you can post your capture file online somewhere we can get it, like on cloudshark.org. It's much harder to do this without seeing what you see.

For the UDP packets you see, when you click on one and look in the Bytes Pane, is it readable ASCII characters? If so, it might still be SIP but just not on UDP port 5060; in which case you can tell Wireshark to decode it as SIP anyway by right-clicking on the packet and selecting "Decode As..." and selecting SIP protocol.

Or the UDP packets might be the RTP media, and you simply can't see the SIP (or whatever) signaling packets. If Wireshark didn't see the SIP packets create the call, then it won't know which UDP packets are for RTP, so again you'd have to tell it by selecting Decode As...

As for 2 phones communicating directly with each other, the short answer is no - they sometimes do, and sometimes don't. Most standards and books assume they do, but in the real world that's just not the case. It depends on many factors, such as the systems being used, their configuration, NATs/Firewalls, security policies, etc. Don't believe everything you read. :)

(05 Apr '14, 20:13) Hadriel
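
The "Decode As..." choice discussed in the comment above comes down to what the UDP payload bytes look like. The following Python sketch is an added example, not part of the original thread and not Wireshark's own heuristic: it guesses whether one UDP flow carries SIP, RTCP or RTP from the payloads alone. The function names, the 80% in-order threshold and the sample packets are assumptions constructed for illustration.

```python
import re
import struct

# SIP is text: a request line ("INVITE sip:... SIP/2.0") or a status line ("SIP/2.0 200 OK").
SIP_START = re.compile(rb"^(?:[A-Z]{3,12} \S+ SIP/2\.0|SIP/2\.0 \d{3} [^\r\n]*)\r\n")

def parse_rtp(payload):
    """Return (payload_type, seq, ssrc) if the bytes fit the RTP fixed header, else None."""
    if len(payload) < 12:
        return None
    b0, b1, seq, _ts, ssrc = struct.unpack("!BBHII", payload[:12])
    if b0 >> 6 != 2:                          # RTP version must be 2
        return None
    if len(payload) < 12 + 4 * (b0 & 0x0F):   # CSRC list must fit in the datagram
        return None
    return b1 & 0x7F, seq, ssrc

def is_rtcp(payload):
    """RTCP: version 2, packet type 200-204, length field fits the datagram."""
    if len(payload) < 8 or payload[0] >> 6 != 2 or not 200 <= payload[1] <= 204:
        return False
    words = struct.unpack("!H", payload[2:4])[0]
    return 4 * (words + 1) <= len(payload)

def classify_flow(payloads):
    """Guess what one UDP flow (payloads in capture order) carries."""
    if not payloads:
        return "unknown"
    if all(SIP_START.match(p) for p in payloads):
        return "sip"
    if all(is_rtcp(p) for p in payloads):     # checked before RTP: same version bits
        return "rtcp"
    headers = [parse_rtp(p) for p in payloads]
    if None in headers or len(headers) < 3:   # one packet alone proves little
        return "unknown"
    same_ssrc = len({h[2] for h in headers}) == 1
    steps = [(b[1] - a[1]) & 0xFFFF for a, b in zip(headers, headers[1:])]
    in_order = sum(1 for s in steps if s == 1) >= 0.8 * len(steps)
    return "rtp" if same_ssrc and in_order else "unknown"

# Constructed sample inputs (not taken from any real capture).
SAMPLE_SIP = b"OPTIONS sip:pbx.example.invalid SIP/2.0\r\nVia: SIP/2.0/UDP 192.0.2.10:5070\r\n\r\n"

def sample_rtp_flow(n=5, ssrc=0x1234ABCD, start_seq=65533):
    """n packets of PT 0 with 160-byte payloads; the sequence number wraps past 65535."""
    return [struct.pack("!BBHII", 0x80, 0, (start_seq + i) & 0xFFFF, 160 * i, ssrc) + bytes(160)
            for i in range(n)]
```

A flow classified as "rtp" or "sip" this way is a candidate for "Decode As..."; a flow that comes back "unknown" may be encrypted or a proprietary protocol.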