Troubleshooting Tip: How to analyze SIP packet capture using Wireshark Tool
Description
This article describes how to use Wireshark to analyze SIP PCAP dump files to have a basic understanding of the call flow.
Scope
FortiGate.
Solution
- List the SIP calls from the PCAP dump. Use the menu entry in Wireshark Telephony -> VOIP Calls to see the SIP call list see the information below:
- The Start Time and Stop Time of each call.
- The initial Speaker is the IP Address of the Caller.
- Caller ID and Callee ID in the From and To URI.
- Select the calls to check, Click the 'Flow Sequence' button to see the graph of this call with some details:
- SIP signaling flow between different UA.
- Direction, source, and dest port of RTP stream.
- Codec of the RTP stream.
Packet capture used in this article can be downloaded from the link: