Need help analyzing VOIP traffic

asked 2018-03-09 21:33:35 +0000

We have Mitel VOIP phones talking on there own VLAN at my organization. VOIP traffic that has to cross over a 10 gig fiber link between two HP 5900 AF switches has intermittent packet loss and jitter causing voice quality issues. I need to analyze the traffic. From my desk I start the wireshark capture on my Ethernet interface. I make a call with the VOIP phone and then stop the capture after the call is disconnected. I click on Telephony but I get no information on the call I made. Probably need some basic help on setting this up.


edit retag flag offensive close merge delete


Is your computer connected through the phone? If the answer is yes, you are not gonna see any voice traffic. You need to span the phone port to your computer port and unbind all networking protocols from the NIC you are using to capture.

net_tech gravatar imagenet_tech ( 2018-03-10 02:38:11 +0000 )edit

Read the Wireshark capture setup wiki. Regardless whether your PC is connected via the phone or next to the phone (to another port of the same switch to which the phone is connected), there is always a switch between the phone's own traffic and the PC.

Depending on your phone model, even the phone itself may be able to capture its own traffic into a file, but you actually need to capture at several different points on the path between the phones simultaneously and identify the section of the path where the packets get lost or delayed. The most likely cause is unmanaged or poorly managed QoS in the network where the VoIP packets are not prioritized over other traffic. If there would be only lost packets, it could be a faulty port or cable, but if there are delayed packets, it is definitely a QoS issue.

sindy gravatar imagesindy ( 2018-03-10 18:56:49 +0000 )edit

I would check the path the SIP traffic is going between the phone and the other endpoint (PBX?) and then figure out if there is a device in that path which can do packet traces. Most modern phone do pcap. Also, the HP 5900 series has port mirroring. Thus you could setup a port to mirror the traffic in question and attach your PC there for Wireshark to see something. I think I once read something about a packet capturing capable image for that switch type, but I'd rather go with port mirroring first..

Dan gravatar imageDan ( 2018-03-12 22:50:32 +0000 )edit