This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture SIP / RTP traffic over wireless LAN? Is it possible to decrypt the SIP / RTP frame headers?

0

Hi Experts,

Am trying to capture SIP / RTP traffic from my wireless laptop. I'm making a SIP call over Wireless. I can capture the 802.11 packets with appropriate QoS settings. But i dont' see any SIP / RTP packets captured by the Wireshark.

Are we able to capture the SIP / RTP packets over WLAN?

My network setup : SIP server --> WLAN controller --> L3 Switch --> Access point ===> 2 Wireless laptop with SIP clients.

Wireshark (observer) is running in a machine connected in that L3 switch. End to End QoS settings implemented in L3 switch.

Encrypted wireless packets are sent to the Access point over Wireless LAN. In turn, Access point will decrypt the 802.11 packets and send it to the above observer connected in L3 switch.

I'm able to capture the 802.11 packets with appropriate QoS settings. But there are no SIP / RTP traffic seen in my wireshark capture.

Can any expert help me ?

Thank you.

/Manik

asked 11 Apr '13, 11:21

manikd's gravatar image

manikd
11113
accept rate: 0%

One Answer:

1

WLAN controller --> L3 Switch --> Access point

If that is really a WLAN controller, then the communication between the AP and the WLAN Controller is probably encrypted, so all you will see on a switch port is encrypted traffic (thus no SIP/RTP).

However, I don't quite understand why you see 802.11 packets while you are capturing traffic on a L3 switch, but maybe I misinterpret your setup. Did you capture on an ethernet port of the switch (with port mirroring) or via a WLAN interface in your Wireshark PC/Laptop?

BTW: Can you add some information about the WLAN controller (brand, modell) and the AP. It will help to understand if the communication is encrypted or not.

Regards
Kurt

answered 11 Apr '13, 14:18

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 11 Apr '13, 14:44

Hi Kurt,

Thanks for your reply. I got know that the Access point is not capable enough to capture SIP traffic and send it to the observer. It can send the basic info about 802.11 packets.

So using the above network setup we can't achieve capturing the detailed SIP packets.!!!

I will have to go for a MacBook or Alfa / airpcap card.

Thanks a lot for your feedback.

/Manik

(12 Apr '13, 03:01) manikd

@manikd

Your "answer" has been converted to a comment as that's how this site works. Please read the FAQ for more information.

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(12 Apr '13, 03:11) grahamb ♦