Long-Term Capture with Wireshark
Posted by Kevin Hill on 08 July 2010 10:56 AM
Sometimes we require that our customers provide us with sniffer captures of RTP traffic. The instructions below show how to gather long-term sniffer traces, for example when a problem is elusive and you need to capture over multiple hours or days.

* Download the Wireshark sniffer for your platform.
* Open the Capture / Capture Options menu and follow these steps:
    o Choose the proper network interface on your IP PBX system.
    o Enter "udp" as the Capture Filter (this restricts the capture to useful packets and makes the trace smaller).
    o Under "Capture File", select a location and enter a new file name to indicate where the files should be saved.
    o Check "Use multiple files".
    o Check "Next file every" (it should say: "Next file every 1 megabyte(s)").
    o Check "Ring buffer with", then enter the number of megabytes you can use on the local hard drive; for example, if you plan to use up to 200MB, enter "200". (The field counts files; at 1 megabyte per file the number of files equals the total in megabytes.)
    o Uncheck "Update list of packets in realtime".
    o Click Start once the parameters are set.
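
The same ring-buffer capture can be started from a shell with dumpcap, the capture tool installed with Wireshark. This is an added example, not part of the original article: the function names, interface name and output path are placeholders, and the free-space check is an extra safeguard the article does not mention.

```shell
#!/bin/sh
# Added example, not from the original article. Interface names, paths and
# sizes are placeholders.

# ring_args IFACE OUTFILE BUDGET_MB [FILE_MB]
# Print the dumpcap arguments for a UDP-only ring-buffer capture whose files
# together stay within BUDGET_MB. FILE_MB defaults to 1, as in the article.
ring_args() {
    iface=$1; outfile=$2; budget_mb=$3; file_mb=${4:-1}
    for n in "$budget_mb" "$file_mb"; do
        case $n in
            ''|*[!0-9]*) echo "sizes must be whole megabytes" >&2; return 2 ;;
        esac
    done
    if [ "$file_mb" -lt 1 ] || [ "$budget_mb" -lt "$file_mb" ]; then
        echo "budget must hold at least one file" >&2; return 2
    fi
    files=$((budget_mb / file_mb))   # "Ring buffer with N files"
    # dumpcap takes filesize in kB; 1000 per megabyte keeps us under budget.
    echo "-i $iface -f udp -b filesize:$((file_mb * 1000)) -b files:$files -w $outfile"
}

# start_capture IFACE OUTFILE BUDGET_MB [FILE_MB]
# Refuse to start if the target directory has less free space than the budget,
# then run dumpcap, which captures without a live packet list.
start_capture() {
    args=$(ring_args "$@") || return
    free_kb=$(df -Pk "$(dirname "$2")" | awk 'NR==2 {print $4}')
    if [ "$free_kb" -lt $(( $3 * 1024 )) ]; then
        echo "only ${free_kb} kB free, need $3 MB" >&2; return 1
    fi
    # Word splitting is intended; paths with spaces are not supported here.
    # shellcheck disable=SC2086
    dumpcap $args
}

# Example: start_capture eth0 /var/tmp/rtp.pcapng 200
```

dumpcap adds a sequence number and timestamp to each file name in the ring, so the oldest files are the ones overwritten once the budget is reached.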

