Ask Your Question

Capture VOIP traffic to check for packet loss

asked 2018-10-02 11:22:47 +0000

this post is marked as community wiki

This post is a wiki. Anyone with karma >750 is welcome to improve it.

Hi I'm new to Wireshark so would appreciate some basic advice. We are currently experiencing issues with our VOIP phones - not able to access and outside line, etc. Our SIP provider is blaming this on lost packets and our network.

I've installed Wireshark but is it possible to filter just VOIP traffic and if so how. How can I then check for packet loss?


edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-10-07 17:48:33 +0000

sindy gravatar image

"VoIP" consists of the call control (or signaling), which in your case is SIP, and the media, which in your case is RTP.

To check whether your network is responsible for the issue or not, you need to capture at your uplink or as close to it as possible, and the simplest capture filter is host x.x.x.x where x.x.x.x is the IP address of your SIP provider's server. See the Wireshark capture setup manual to find out what hardware and setup you need to get a copy of the traffic to the capturing machine.

Some router models as well as some IP phone models have embedded capturing capabilities.

You haven't stated whether your SIP phones register with your PBX or directly with your SIP provider, and if there is a PBX, whether it registers with the SIP provider or is statically configured.

If you cannot access external lines at all, packet loss is an unlikely cause; if it happens from time to time but you don't experience audio problems once the call establishes, packet loss is also an unlikely cause. If some calls set up and some don't and for those which do the remote party complains about audio quality, packet loss may be the reason.

Capturing on the uplink should show you whether your phones or PBX send INVITE to the SIP provider or not; if you can see only one INVITE immediately responded with a 100, the packet loss may happen inside your network (between the phone and the uplink), so capturing next to the IP phone should show several INVITEs before a 100 comes back.

Similarly, if you can see several INVITEs before a 100 comes back on the uplink, the INVITEs or the 100s get lost outside your network.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-10-02 11:22:47 +0000

Seen: 68 times

Last updated: Oct 07