I'm new to Wireshark. I installed Wireshark. I started running captures but I'm not seeing anything that looks like Mitel phone traffic. I'm looking for UDP or RTP traffic. Should I see the IP addresses of the phones in the capture? Are there special settings in Wireshark to capture Mitel phone traffic?

Thanks,

asked 19 Oct '15, 12:30 Carl

3 Answers:
It all depends on what signalling protocol these Mitel devices use. If it is proprietary, it's probably not dissected. If it is one of the known protocols (check the Wireshark wiki for VoIP calls), then it will be. Otherwise go into the RTP protocol dissector preferences and tick 'Try to dissect RTP outside of conversations'. This will dissect eligible UDP packets as RTP.

answered 19 Oct '15, 13:30 Jaap ♦ edited 20 Oct '15, 08:11

Yes, you will see IP addresses. Are your phones on a different subnet? You could filter on that subnet, something like this (subnet for Mitel phones):

    ip.addr == 192.168.10.0/24

Mitel should also mark with a DSCP value of EF, so you could filter by that:

    ip.dsfield == 184

Regards, Warren

answered 20 Oct '15, 05:19 Warren Sullivan

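An added example, not part of any answer on this page: a Python version of what the two display filters in the answer above test on each IPv4 packet, next to the DSCP-only comparison (`ip.dsfield.dscp == 46`) and a simplified RTP version check. The packets, addresses, ports and the RTP test are constructed assumptions, not Wireshark's own dissector logic.

```python
import ipaddress
import struct

PHONE_SUBNET = ipaddress.ip_network("192.168.10.0/24")  # example subnet from the answer
DSCP_EF = 46  # Expedited Forwarding; 46 << 2 == 184 when the two ECN bits are 00
IP_HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header


def classify(pkt: bytes) -> dict:
    """Evaluate the answer's two filters on one raw IPv4 packet (no Ethernet header)."""
    ver_ihl, dsfield, _, _, _, _, proto, _, src, dst = struct.unpack(IP_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    addrs = (ipaddress.ip_address(src), ipaddress.ip_address(dst))
    payload = pkt[ihl + 8:] if proto == 17 else b""  # skip the 8-byte UDP header
    return {
        # ip.addr == 192.168.10.0/24 matches on source OR destination
        "in_phone_subnet": any(a in PHONE_SUBNET for a in addrs),
        # ip.dsfield == 184 compares the whole byte, ECN bits included
        "dsfield_is_184": dsfield == 184,
        # ip.dsfield.dscp == 46 looks only at the upper six bits
        "dscp_is_ef": dsfield >> 2 == DSCP_EF,
        # Assumption: simplified RTP test (12-byte fixed header, version field == 2)
        "rtp_candidate": len(payload) >= 12 and payload[0] >> 6 == 2,
    }


def ipv4_udp(src: str, dst: str, dsfield: int, payload: bytes) -> bytes:
    """Build a constructed IPv4/UDP packet; checksums are left at zero."""
    udp = struct.pack("!HHHH", 20000, 20002, 8 + len(payload), 0) + payload
    return struct.pack(IP_HDR, 0x45, dsfield, 20 + len(udp), 0, 0, 64, 17, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + udp


# Constructed samples: RTP header (V=2, PT=0) followed by 160 bytes of audio.
RTP = bytes([0x80, 0x00]) + struct.pack("!HII", 1, 160, 0x1234ABCD) + b"\xff" * 160
SAMPLES = {
    "phone, EF": ipv4_udp("192.168.10.21", "192.168.10.22", 184, RTP),
    "phone, EF + ECN": ipv4_udp("192.168.10.21", "10.0.0.5", 186, RTP),
    "other host": ipv4_udp("10.0.0.5", "10.0.0.9", 0, b"\x12\x34" + b"\x00" * 20),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
```

The second sample is marked EF but carries an ECN bit, so the whole-byte comparison against 184 misses it while the DSCP-only comparison still matches.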
I dare to ask... are you sure the traffic to/from the phones gets "somehow" to the Ethernet interface on which you capture? I.e. does the traffic flow through the machine on which you run Wireshark, or have you configured a SPAN port on the switch through which the phones' traffic is running and connected it to the machine?

Regards, Pavel

answered 28 Oct '15, 14:47 sindy edited 28 Oct '15, 14:47