I am attempting to monitor SIP packets between the SIP server/VoIP phone system and a SIP-to-analog gateway. When I connect using a USB-to-Ethernet adapter I do not see SIP or ICMP messages. When I use an Ethernet port on the same PC and make no changes to Wireshark except to change the interface, I see SIP and ICMP messages.
asked 16 Sep '15, 09:26 cathym
One Answer:
In general: yes. In detail: it depends ;-)) Please read my answer to a similar question, to figure out if the proposed solution might help you:
Regards
answered 20 Sep '15, 13:15 Kurt Knochner ♦
@cathym: Do you see the USB adapter if you run the following command?
If NO: It's the problem I've mentioned above
(21 Sep '15, 10:01) Kurt Knochner ♦
Are you running Wireshark on the server, the gateway, or a third machine? If you're running Wireshark on the server or gateway, are you communicating with the other machine using the built-in Ethernet port or the USB Ethernet adapter?
3rd machine. Using port mirroring, mirroring the SIP server to the port the PC is connected to.
And if you plug the mirrored port into the built-in Ethernet port, and capture in promiscuous mode, you see the SIP and ICMP packets, but if you plug it into the USB Ethernet adapter, and capture in promiscuous mode, you don't see those packets?
Yes, capture is set to "Use promiscuous mode on all interfaces".
What type of adapter is the USB adapter? Check with the vendor of the adapter whether it supports promiscuous mode. It might not - it might just silently ignore requests to put it into promiscuous mode, in which case it wouldn't see any unicast traffic between the two hosts.
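The symptom described in the last comment can be checked from a saved capture. The following is an added example, not part of the original thread: it counts frames in a classic pcap file (not pcapng, Ethernet link type assumed) and reports whether any unicast frame between two other hosts was captured. The function names and all MAC addresses are made up for illustration.

```python
import struct

def classify_pcap(data, local_mac):
    """Count Ethernet frames in a classic pcap byte string by destination."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected LINKTYPE_ETHERNET (1)")
    local = bytes.fromhex(local_mac.replace(":", ""))
    counts = {"local": 0, "broadcast_multicast": 0, "foreign_unicast": 0}
    off = 24                                # first record follows the 24-byte header
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue                        # truncated record, no full Ethernet header
        dst, src = frame[:6], frame[6:12]
        if dst[0] & 1:                      # group bit set: broadcast or multicast
            counts["broadcast_multicast"] += 1
        elif local in (dst, src):           # traffic of the capture host itself
            counts["local"] += 1
        else:                               # unicast between two other hosts
            counts["foreign_unicast"] += 1
    return counts

def promiscuous_seems_effective(counts):
    """True if at least one unicast frame between other hosts was captured."""
    return counts["foreign_unicast"] > 0

# --- constructed sample data (all MAC addresses are made up) ---
def _frame(dst, src):
    return bytes.fromhex(dst + src) + b"\x08\x00" + bytes(46)

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

PC, SERVER, GATEWAY, BCAST = "020000000001", "020000000010", "020000000020", "ffffffffffff"
WORKING = build_pcap([_frame(BCAST, SERVER), _frame(GATEWAY, SERVER), _frame(SERVER, GATEWAY)])
IGNORED = build_pcap([_frame(BCAST, SERVER), _frame(PC, SERVER)])
```

A zero `foreign_unicast` count is also what a missing or misconfigured mirror port produces, so the result is only meaningful when compared against a capture taken from the same switch port with an adapter known to honor promiscuous mode.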