I have magicjack set up on this machine and would like to capture VOIP packets, but usually I can only capture all packets and it captures a lot of other useless stuff like internet downloads and web pages and that sort of thing (this computer is used for web surfing as well as VOIP, its not a dedicated machine) I have some problems with the quality and want to analyze calls. Whenever a call comes in if I then start the capture it is too late somehow wireshark would not recognize it when I got o the voip decode... so therefore I need wireshark to be capturing always on BEFORE the calls come in for it to work. But without a way to filter out only VOIP packets it becomes quickly unmanageable.
Is there a way to set a filter in the capture to configure it to ONLY capture voip packets and filter it to not capture any of the other stuff?
If you're looking at the signaling packets only this page suggests a capture filter like
udp port 5070But if you need to voice packets as well (which I suspect you do) there's no capture filter available to you. This is result of the fact that the voice packets are transported on an dynamic port number, and the capture filter cannot recognize RTP.
An other way to do this is to run dumpcap with a multiple file option. After your call pick up the capture file(s) you need and analyze them.
answered 06 Jul '11, 14:37