Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mriswan
Staff
Staff

Created on ‎10-28-2024 01:22 AM

Article Id 353105

Troubleshooting Tip: How to analyze SIP packet capture using Wireshark Tool

Description

 

This article describes how to use Wireshark to analyze SIP PCAP dump files to have a basic understanding of the call flow.

 

Scope

 

FortiGate.

 

Solution

 

  1. List the SIP calls from the PCAP dump. Use the menu entry in Wireshark Telephony -> VOIP Calls to see the SIP call list see the information below:
  • The Start Time and Stop Time of each call.
  • The initial Speaker is the IP Address of the Caller.
  • Caller ID and Callee ID in the From and To URI.

 

Screenshot 2024-10-28 104328.png

 

Screenshot 2024-10-28 104505.png

 

  1. Select the calls to check, Click the 'Flow Sequence' button to see the graph of this call with some details:
  • SIP signaling flow between different UA.
  • Direction, source, and dest port of RTP stream.
  • Codec of the RTP stream.

 

Screenshot 2024-10-28 105230.png

 

Packet capture used in this article can be downloaded from the link:

https://www.cloudshark.org/captures/4ff29b39b8dc?filter=sip

1791
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.