This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I capture RTP traffic with Wireshark 2.0.3?


I am running Windows 7 and I have a Realtek PCI family controller. I am trying to capture SIP and RTP traffic from an Avaya 1120 set with port mirroring turned on. I don't see any SIP or RTP packets at all when I have a call up on the Avaya set. Any thoughts?

asked 06 Jun '16, 10:00

carchibald

Before digging any deeper, have you set promiscuous mode on? Can you see in the capture any other frames except ones your NIC itself is sending?

(06 Jun '16, 10:28) sindy

Promiscuous mode is on but I am only seeing what my NIC card is sending. A bunch of ARP broadcasts.

(06 Jun '16, 10:34) carchibald

OK, so the traditional splitting of the problem into smaller ones has to take place.

Step 1, have you ever successfully captured any incoming traffic using that same PC connected to a regular switch port? If not, look for Answers to Questions like "cannot capture any incoming traffic". It is usually caused by an interference between security software drivers and WinPcap.

Step 2 would be to double-check the monitoring settings on the switch, as I've never heard that a promiscuous mode would not work on Realtek (nor any other wired NIC). You may be monitoring the switch port to which the phone is connected, and if the frames belonging to the VLAN dedicated for voice traffic are sent across that port tagged, your Realtek card/driver may ignore them rather than untag them as most other cards' Windows drivers do. If this is the case, you may need to search for an Answer to a Question dealing with Realtek and VLANs which has re-popped up here recently, or your switch may be able to monitor the VLAN instead of a port, and send the frames to the monitoring port without the tags in such a case.

(06 Jun '16, 12:08) sindy
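
The two checks discussed in the comments above (does the capture hold anything other than the capturing NIC's own frames, and do any frames arrive 802.1Q-tagged) can be run over a saved capture file. This is an added example, not part of the original thread; the MAC addresses, VLAN 20 and the sample capture are constructed, and only the classic little-endian pcap format is handled.

```python
import struct

def build_pcap(frames):
    """Constructed capture: classic little-endian pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def summarize(pcap, own_mac):
    """Classify frames relative to the capturing NIC and collect 802.1Q VLAN IDs."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("not an Ethernet capture")
    stats = {"sent_by_me": 0, "to_me": 0, "flooded": 0, "mirrored": 0, "vlans": set()}
    off = 24                                    # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 14:
            continue                            # no complete Ethernet header
        dst, src = frame[0:6], frame[6:12]
        if frame[12:14] == b"\x81\x00" and len(frame) >= 18:
            tci = struct.unpack_from("!H", frame, 14)[0]
            stats["vlans"].add(tci & 0x0FFF)    # low 12 bits of the TCI = VLAN ID
        if src == own_mac:
            stats["sent_by_me"] += 1
        elif dst == own_mac:
            stats["to_me"] += 1
        elif dst[0] & 1:
            stats["flooded"] += 1               # broadcast/multicast reaches any port
        else:
            stats["mirrored"] += 1              # unicast between other hosts: mirroring works
    return stats

# Constructed sample data (locally administered MACs, voice VLAN 20 assumed)
ME = bytes.fromhex("020000000001")
PHONE = bytes.fromhex("020000000002")
PBX = bytes.fromhex("020000000003")
OWN_ARP = b"\xff" * 6 + ME + b"\x08\x06" + bytes(28)
TAGGED = PBX + PHONE + b"\x81\x00" + struct.pack("!H", (5 << 13) | 20) + b"\x08\x00" + bytes(40)
ONLY_OWN = build_pcap([OWN_ARP])              # what the asker describes seeing
WORKING = build_pcap([OWN_ARP, TAGGED])       # mirrored, tagged voice frame present
```

A capture where `mirrored` stays at zero matches the symptom in the question; a non-empty `vlans` set shows the NIC driver is passing tagged frames through.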